Certificate Transparency - Venafi Gen2 CT Log server inclusion request
Reported by
venaf...@gmail.com,
Feb 3 2017
|
||||||||||||
Issue descriptionContact Information: - email: ctlog-admin@venafi.com - phone number: +1-650-924-9699 - Log Operator: Venafi, Inc. - Authorized Contacts: Alex Kaplunov, Daniel Elarde, Deyan Bektchiev, Hari Nair, Remo Ronca, Steve Topletz, Matthew Stits Log Server URL: https://ctlog-gen2.api.venafi.com/ Server public key: Attached file: hsm.public.key-gen2.der Description: Venafi's second CT log, operating since 2017-Feb-02. MMD: 24 hours Accepted roots: Attached file: trusted_roots.crt.2016_10_25
,
Feb 7 2017
,
Feb 7 2017
Thank you for your request, we started monitoring your log server at 2017-Feb-06 12:01:16 +0000. Should no issues be detected, the initial compliance monitoring phase will be complete on 2017-May-07 and we will update this bug shortly after that date to confirm.
,
Feb 8 2017
,
Feb 8 2017
,
May 9 2017
This log has passed the initial 90 day compliance period and we will start the process to add this to Chrome.
,
May 12 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/e65724e4537aa0e42d14ba0a7fe19d077158f9ea commit e65724e4537aa0e42d14ba0a7fe19d077158f9ea Author: hadfieldp <hadfieldp@google.com> Date: Fri May 12 15:50:38 2017 Update CT log list to include Venafi gen2. Venafi gen2 completed probation on 2017-May-07 BUG= 688510 Review-Url: https://codereview.chromium.org/2874423002 Cr-Commit-Position: refs/heads/master@{#471318} [modify] https://crrev.com/e65724e4537aa0e42d14ba0a7fe19d077158f9ea/net/data/ssl/certificate_transparency/log_list.json
,
May 12 2017
,
May 12 2017
M59 is already past branch-point. Can this wait until M60?
,
May 12 2017
Pls apply appropriate OSs label.
,
May 12 2017
We should take this in M59, but let's wait until we've got some bake time in 60 Dev.
,
May 12 2017
,
May 16 2017
,
May 17 2017
Do we have data from Dev yet?
,
May 17 2017
Yep, I think we're good.
,
May 17 2017
Your change meets the bar and is auto-approved for M59. Please go ahead and merge the CL to branch 3071 manually. Please contact milestone owner if you have questions. Owners: amineer@(Android), cmasso@(iOS), gkihumba@(ChromeOS), Abdul Syed@(Desktop) For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
May 22 2017
This issue has been approved for a merge. Please merge the fix to any appropriate branches as soon as possible! If all merges have been completed, please remove any remaining Merge-Approved labels from this issue. Thanks for your time! To disable nags, add the Disable-Nags label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
May 22 2017
Please merge your CL to M59 release branch (3071) before 5PM PT tomorrow so we can pick it up for this week's beta release. Thanks.
,
May 24 2017
Quick update: Since this is not a straightforward merge, I've had to manually make a change on that branche. rsleevi@ is reviewing it (https://codereview.chromium.org/2898173002/) and I hope to land it today.
,
May 24 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/519cff3570d4f9bc6e0041161c3bd9947218a5b7 commit 519cff3570d4f9bc6e0041161c3bd9947218a5b7 Author: Eran Messeri <eranm@google.com> Date: Wed May 24 13:55:48 2017 Adding Venafi 2nd Gen CT Log Add the information about the Venafi 2nd generation CT log that recently passed compliance. This is a merge of the data approved in: https://bugs.chromium.org/p/chromium/issues/detail?id=688510#c18 It is not possible, unfortunately, to simply cherry-pick the original change (https://codereview.chromium.org/2874423002) because it depends on another change to operate correctly (https://chromium.googlesource.com/chromium/src/+/9657f6767718da315773bef39143c869508becc3), so cherry-picking fails. BUG= 688510 R=rsleevi@chromium.org Review-Url: https://codereview.chromium.org/2898173002 . Cr-Commit-Position: refs/branch-heads/3071@{#682} Cr-Branched-From: a106f0abbf69dad349d4aaf4bcc4f5d376dd2377-refs/heads/master@{#464641} [modify] https://crrev.com/519cff3570d4f9bc6e0041161c3bd9947218a5b7/net/cert/ct_known_logs_static-inc.h
,
Mar 1 2018
As we already announced here: https://groups.google.com/a/chromium.org/forum/#!topic/ct-policy/zupHFW6JhiE and communicated to the Chromium team, as of today the Venafi 2ng Gen CT log is now in read-only mode - it will be signing new heads for a period of time until we create a completely read-only mirror but no new certificates will be added. The final tree size is 111554064 .
,
Mar 1 2018
Due to a missing leading / symbol two more merge delay monitor pre-certificates were added in the last 2 hours so the tree grew by 2. The load balancer has been updated so future logging will be disabled for these as well.
,
Sep 20
Out of curiosity, do you still plan to create a "completely read-only mirror"? I've noticed that this log is still signing new tree heads.
,
Sep 20
This is still the plan, however I can't give you a timeline - it is not the highest on the priority list right now. |
||||||||||||
►
Sign in to add a comment |
||||||||||||
Comment 1 by mea...@chromium.org
, Feb 3 2017Components: Internals>Network>CertTrans
Labels: -Type-Bug-Security -Restrict-View-SecurityTeam allpublic Type-Feature