Contact DigiCert CT Log Operators to request inclusion


#1

1 Certificate Transparency Log (Certly) has already included ISRG Root X1. I propose that someone responsible for the CA send a quick e-mail with the ISRG Root X1 to this e-mail (ctops@digicert.com) for requesting inclusion at the https://ct1.digicert-ct.com/log.

@jsha Who is responsible within Let’s Encrypt for such communication?


#3

Actually, I propose that someone from the Let’s Encrypt staff request inclusion for the root certificate (ISRG Root X1) to become acceptable, because that is not yet accepted from many CT logs (actually one CT log, namely Certly, has agreed to add that root -> I don’t know whether there has been any previous communication of LE staff with Certly operator)


#4

Ah, I see… The current CTLs only have the IdenTrust root accepted ofcourse… Sorry, misinterpreted your post :slight_smile:


#5

No. Unfortunately, not many non-Google logs have the IdenTrust root accepted… This is why DigiCert inclusion would be something nice :slight_smile:


#6

@roland is asking DigiCert and Symantec for inclusion. We’ll be asking for the the IdenTrust DST Root X3 to be added.


#7

Why not the ISRG Root? And when did @roland ask for inclusion? Do you plan to do this, or have you done this before my forum post?


#8

It’s on @roland’s TODO list. I don’t know if he’s done it yet.

The ISRG root is not yet included in any root programs. Most CT logs choose to include only roots that are accepted by root programs. Once we’re accepted, we’ll probably ask to add that root to the logs as well. It doesn’t matter anyhow - they important thing is that the logs be able to build a trust path to the end-entity cert so they know it’s not a spam submission.


#9

I made the requests late last week and am currently waiting on a response from both log operators.

We are requesting the inclusion of both the IdentTrust DST Root X3 and the ISRG Root X1 certificates but it is up to the operators to decide which will actually end up being included.


#10

Will you please update this thread once you get any reply from them?


#11

@roland is it right to guess that there will no response from the two log operators?
Since this topic is already very old without new information.