Are the ACME logs published?


#1

I’ve heard that the ACME protocol logs of the validation processes will be transparently published. Since the authority already issues trusted certificates, I wonder whether these logs are published somewhere or whether they are at least going to be published on the General Availability day.


#2

The logs are already published here: https://crt.sh/?Identity=%&iCAID=7395

According to the site, LE has already signed 3,272 certificates so far.


#3

Those are only CT logs, documenting only actually published certificates. I was asking for ACME protocol logs, documenting which validation steps led to the successful validation and issuance of each certificate.

The reason I’m asking is that I would like to see what the proof of possession of private key looks like and whether it is already required for domain names which have some prior TLS certificate deployed.


#4

Unfortunately we don’t yet have code working to publish details of validation messages. We still plan to do that, but we weren’t able to get it done in time for beta.

To answer your other question: Proof of Possession of prior key is also not yet implemented, and so won’t be required at launch. We may add it as an additional requirement down the road.


#5

Is there a public issue tracker with issues that can be tracked for publishing ACME logs and implementing the Proof of Possession of prior key?


#6

The code is on GitHub:

There aren’t any issues open at present for publishing validation logs; it’d be good to write one up. First there’ll need to be a design for how to publish the logs in general (Are they fetched via HTTP GET as JSON objects? Are they plaintext, placed on a server somewhere? How does it get updated? etc.)

Proof of Possession isn’t implemented yet either, though there’s an issue: #666


#7

Thank you, I created a new issue for the ACME log publishing: https://github.com/letsencrypt/boulder/issues/1408