Certificate Transparency - Google "xenon20XX" Log Server Inclusion Requests
Issue description

Description: Xenon20XX - Google's latest public CT Logs, operating since 2017-December-05. These Logs are implemented and operated by Google. These Logs accept all certificates that are anchored in a root trusted by one of the major browser vendors including Apple, Microsoft and Mozilla. These Logs accept certificates expiring within the date range as listed below. These Logs are public and provide open access. There are no fees for submitting certificates or any other usage including queries and mirroring. No prior contracts or agreements are required before the Logs may be used.

Details:

Log IDs:
  Xenon 2018: sQzVWabWeEaBH335pRUyc5rEjXA76gMj2l04dVvArU4=
  Xenon 2019: CEEUmABxUywWGQRgvPxH/cJlOvopLHKzf/hjrinMyfA=
  Xenon 2020: B7dcG+V9aP/xsMYdIxXHuuZXfFeUt2ruvGE6GmnTohw=
  Xenon 2021: fT7y+I//iFVoJMLAyp5SiXkrxQ54CX8uapdomX4i8Nc=
  Xenon 2022: RqVV63X6kSAwtaKJafTzfREsQXS+/Um4havy/HD+bUc=

Log URLs:
  https://ct.googleapis.com/logs/xenon2018/
  https://ct.googleapis.com/logs/xenon2019/
  https://ct.googleapis.com/logs/xenon2020/
  https://ct.googleapis.com/logs/xenon2021/
  https://ct.googleapis.com/logs/xenon2022/

Certificate Expiry Ranges:
  Xenon 2018: Jan 01 2018 00:00:00Z inclusive to Jan 01 2019 00:00:00Z exclusive
  Xenon 2019: Jan 01 2019 00:00:00Z inclusive to Jan 01 2020 00:00:00Z exclusive
  Xenon 2020: Jan 01 2020 00:00:00Z inclusive to Jan 01 2021 00:00:00Z exclusive
  Xenon 2021: Jan 01 2021 00:00:00Z inclusive to Jan 01 2022 00:00:00Z exclusive
  Xenon 2022: Jan 01 2022 00:00:00Z inclusive to Jan 01 2023 00:00:00Z exclusive

MMDs: 24 hours for all logs.

Server public keys: attached in PEM file google-xenon-public-keys.zip

Accepted roots for all logs: Attached file: xenon-roots-20181205.pem

Contact Information:
- email: google-ct-logs@googlegroups.com
- phone number: +442070313000 (Google UK)
- Authorized Persons: Al Cutter, Pierre Phaneuf, Paul Hadfield, Martin Smith, Rob Percival, Kat Joyce, David Drysdale

Additional Notes:

We will freeze the Logs once their inclusion expiry window has passed by closing it for new submissions. We will then request that trust be withdrawn from this log by Chromium as all the certificates it contains will have expired and will therefore be no longer valid.

The combination of the certificate expiry ranges of the new Google Xenon Logs will allow any certificate that chains to a trusted root and has a lifetime of 39 months or less to be logged to one of the new Xenon Logs, if it is issued within the next year. Further Xenon Logs will be turned up in the future in order to maintain the window for accepted certificates.

Submissions are subject to rate limits by IP address. Queries are rate limited by IP address. Rate limited requests will be denied with an HTTP error status code. We intend to provide serving capacity to support any reasonable usage level but additional automatic mechanisms exist that will operate to protect our infrastructure in emergency situations.

The purpose of our new Logs is an attempt to move towards a more managed and predictable lifecycle for CT Logs and thereby reduce operational overhead for both submitters and log operators. We have no current plan or schedule to discontinue serving these Logs, but may revisit this as operational policies within the ecosystem evolve.

Implementation: This Log is based on our Golang implementation of Certificate Transparency. The open source version of this code can be found at: https://github.com/google/trillian and https://github.com/google/certificate-transparency-go and it is made available under an Apache 2.0 license.
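The expiry ranges in the request above are half-open intervals on the certificate's notAfter, aligned to UTC year boundaries. As an added example (not part of the original request and not Google's code), this Go sketch selects the Xenon shard for a given notAfter and rejects values outside every range; the names shard, xenonShards and shardFor are assumptions, and the sample timestamps are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// shard is one temporal log; it accepts notAfter values in [Start, End).
type shard struct {
	Name, URL  string
	Start, End time.Time // Start inclusive, End exclusive
}

// xenonShards builds the five shards from the ranges listed in the request.
func xenonShards() []shard {
	var out []shard
	for y := 2018; y <= 2022; y++ {
		out = append(out, shard{
			Name:  fmt.Sprintf("Xenon %d", y),
			URL:   fmt.Sprintf("https://ct.googleapis.com/logs/xenon%d/", y),
			Start: time.Date(y, time.January, 1, 0, 0, 0, 0, time.UTC),
			End:   time.Date(y+1, time.January, 1, 0, 0, 0, 0, time.UTC),
		})
	}
	return out
}

var errNoShard = errors.New("notAfter is outside every Xenon expiry range")

// shardFor returns the shard whose range contains notAfter. time.Time
// comparisons are on the instant, so a non-UTC offset cannot shift the shard.
func shardFor(notAfter time.Time) (shard, error) {
	for _, s := range xenonShards() {
		if !notAfter.Before(s.Start) && notAfter.Before(s.End) {
			return s, nil
		}
	}
	return shard{}, errNoShard
}

func main() {
	// Constructed notAfter values around the shard boundaries.
	samples := []string{"2018-12-31T23:59:59Z", "2019-01-01T00:00:00Z",
		"2019-01-01T00:30:00+01:00", "2023-01-01T00:00:00Z"}
	for _, in := range samples {
		t, _ := time.Parse(time.RFC3339, in)
		if s, err := shardFor(t); err != nil {
			fmt.Printf("%s -> rejected: %v\n", in, err)
		} else {
			fmt.Printf("%s -> %s (%s)\n", in, s.Name, s.URL)
		}
	}
}
```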
Apr 20 2018
The NextAction date has arrived: 2018-04-20
Jun 11 2018
ping :)
Jun 19 2018
Hello and thanks for the ping! In an effort to converge towards the 3 CT Logs per Log Operator limit discussed on ct-policy, could you post your plans to migrate/retire some of the existing Logs and how that fits with the plans to add Xenon? We will be updating CT Policy soon with a reference to the 3 Log limit, but I didn't want that to further hold up the process. Thanks!
Sep 11
Oct 4
To address the concerns about Google (as a log operator) running too many logs, and to accelerate our migration to temporal logs, our proposals for retirement of the non-temporal Google logs are detailed below.

We propose making these logs read-only during 2019:
* https://ct.googleapis.com/pilot - 2019-May-01
* https://ct.googleapis.com/rocketeer - 2019-Jun-01
* https://ct.googleapis.com/skydiver - 2019-Jul-01
* https://ct.googleapis.com/icarus - 2019-Aug-01

The dates are chosen to accommodate the roughly 31-week period from compliance monitoring start to ubiquity in Chrome user installs - a period that lands during April 2019. We suggest a rolling 1-month interval for the read-only switch-overs in order to give third parties ample time to react.

At this time we have no plans to change:
* https://ct.googleapis.com/daedalus
* https://ct.googleapis.com/submariner
as those logs are not qualified by Chrome.

This does mean that Certificate Authorities who do not yet submit certificates to temporal logs will need to start doing so before end April 2019.

Please let us know your thoughts. Does that move close enough to 3 CT Logs per Log Operator that compliance monitoring of the Xenon temporal log set might be able to start?

Paul (for the Google CT Log Team).
Oct 5
Thank you for your request, we have started monitoring your Log server. Should no issues be detected, the initial compliance monitoring phase will be complete on Jan 3rd 2018 and we will update this bug shortly after that date to confirm.
Nov 6
Thanks for describing the plans to converge towards a reduced set of CT Logs operated by Google. Application looks good and assigning to the CT Team to take action based on the Compliance Monitoring that started on October 5.
Jan 3
These logs have now passed the initial 90 day compliance period.
Jan 14
Will the Xenon logs be added to the log list in time for M72, as the Digicert Nessie logs have been?
Comment 1 by rsleevi@chromium.org, Apr 16 2018
NextAction: 2018-04-20
Owner: asymmetric@chromium.org
Status: Assigned (was: Untriaged)