From fe1207ee7864c1fb3b6c6ed51a028cc1eb2a9d48 Mon Sep 17 00:00:00 2001 From: Pim van Pelt Date: Wed, 30 Jul 2025 22:14:08 +0200 Subject: [PATCH] Add ctlog landing page --- content/ctlog.md | 62 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 62 insertions(+) create mode 100644 content/ctlog.md diff --git a/content/ctlog.md b/content/ctlog.md new file mode 100644 index 0000000..0c6f66a --- /dev/null +++ b/content/ctlog.md @@ -0,0 +1,62 @@ +--- +title: 'Certificate Transparency' +date: 2025-07-30 +url: /s/ct +--- + +Certificate Transparency logs are "append-only" and publicly-auditable ledgers of certificates being +created, updated, and expired. This is the homepage for IPng Networks' Certificate Transparency +project. + +Certificate Transparency [[CT](https://certificate.transparency.dev)] is a system for logging and +monitoring certificate issuance. It greatly enhances everyone’s ability to monitor and study +certificate issuance, and these capabilities have led to numerous improvements to the CA ecosystem +and Web security. As a result, it is rapidly becoming critical Internet infrastructure. Originally +developed by Google, the concept is now being adopted by many _Certification Authories_ who log +their certificates, and professional _Monitoring_ companies who observe the certificates and +report anomalies. + +IPng Networks runs our logs under the domain `ct.ipng.ch`, split into a `*.log.ct.ipng.ch` for the +write-path, and `*.mon.ct.ipng.ch` for the read-path. + +We are submitting our log for inclusion in the approved log lists for Google Chrome and Apple +Safari. Following 90 days of successful monitoring, we anticipate our log will be added to these +trusted lists and that change will propagate to people’s browsers with subsequent browser version +releases. + +We operate two popular implementations of Static Certificate Transparency software. + +## Sunlight + +[[Sunlight](https://sunlight.dev)] was designed by Filippo Valsorda for the needs of the WebPKI +community, through the feedback of many of its members, and in particular of the Sigsum, Google +TrustFabric, and ISRG teams. It is partially based on the Go Checksum Database. Sunlight's +development was sponsored by Let's Encrypt. + +Our Sunlight logs: +* A staging log called [[Rennet](https://rennet2025h2.log.ct.ipng.ch/)], incepted 2025-07-28, + starting from temporal shard `rennet2025h2`. +* A production log called [[Gouda](https://gouda2025h2.log.ct.ipng.ch/)], incepted 2025-07-30, + starting from temporal shard `gouda2025h2`. + +## TesseraCT + +[[TesseraCT](https://github.com/transparency-dev/tesseract)] is a Certificate Transparency (CT) log +implementation by the TrustFabric team at Google. It was built to allow log operators to run +production static-ct-api CT logs starting with temporal shards covering 2026 onwards, as the +successor to Trillian's CTFE. + +Our TesseraCT logs: +* A staging log called **Lipase**. +* A production log called **Halloumi**. + +## Operational Details + +You can read more details about our infrastructure on: +* **[[TesseraCT]({{< ref 2025-07-26-ctlog-1 >}})]**, published on 2025-07-26. +* **Sunlight** (todo) +* **Operational Notes** (todo) + +The operators of this infrastructure are **Antonis Chariton**, **Jeroen Massar** and **Pim van Pelt**. \ +You can reach us via e-mail at [[](mailto:ct-ops@ipng.ch)]. +