ipng/ipng.ch
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
2681861e4b285cf878204f697536790feb4dbb56
ipng.ch/content/ctlog.md
Pim van Pelt 8afa2ff944
All checks were successful
continuous-integration/drone/push Build is passing
Details
Add logo
2025-07-30 22:23:14 +02:00

65 lines
2.9 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
title: 'Certificate Transparency'
date: 2025-07-30
url: /s/ct
---
{{< image width="10em" float="right" src="/assets/ctlog/ctlog-logo-ipng.png" alt="ctlog logo" >}}
Certificate Transparency logs are "append-only" and publicly-auditable ledgers of certificates being
created, updated, and expired. This is the homepage for IPng Networks' Certificate Transparency
project.
Certificate Transparency [[CT](https://certificate.transparency.dev)] is a system for logging and
monitoring certificate issuance. It greatly enhances everyones ability to monitor and study
certificate issuance, and these capabilities have led to numerous improvements to the CA ecosystem
and Web security. As a result, it is rapidly becoming critical Internet infrastructure. Originally
developed by Google, the concept is now being adopted by many _Certification Authories_ who log
their certificates, and professional _Monitoring_ companies who observe the certificates and
report anomalies.
IPng Networks runs our logs under the domain `ct.ipng.ch`, split into a `*.log.ct.ipng.ch` for the
write-path, and `*.mon.ct.ipng.ch` for the read-path.
We are submitting our log for inclusion in the approved log lists for Google Chrome and Apple
Safari. Following 90 days of successful monitoring, we anticipate our log will be added to these
trusted lists and that change will propagate to peoples browsers with subsequent browser version
releases.
We operate two popular implementations of Static Certificate Transparency software.
## Sunlight
[[Sunlight](https://sunlight.dev)] was designed by Filippo Valsorda for the needs of the WebPKI
community, through the feedback of many of its members, and in particular of the Sigsum, Google
TrustFabric, and ISRG teams. It is partially based on the Go Checksum Database. Sunlight's
development was sponsored by Let's Encrypt.
Our Sunlight logs:
* A staging log called [[Rennet](https://rennet2025h2.log.ct.ipng.ch/)], incepted 2025-07-28,
starting from temporal shard `rennet2025h2`.
* A production log called [[Gouda](https://gouda2025h2.log.ct.ipng.ch/)], incepted 2025-07-30,
starting from temporal shard `gouda2025h2`.
## TesseraCT
[[TesseraCT](https://github.com/transparency-dev/tesseract)] is a Certificate Transparency (CT) log
implementation by the TrustFabric team at Google. It was built to allow log operators to run
production static-ct-api CT logs starting with temporal shards covering 2026 onwards, as the
successor to Trillian's CTFE.
Our TesseraCT logs:
* A staging log called **Lipase**.
* A production log called **Halloumi**.
## Operational Details
You can read more details about our infrastructure on:
* **[[TesseraCT]({{< ref 2025-07-26-ctlog-1 >}})]**, published on 2025-07-26.
* **Sunlight** (todo)
* **Operational Notes** (todo)
The operators of this infrastructure are **Antonis Chariton**, **Jeroen Massar** and **Pim van Pelt**. \
You can reach us via e-mail at [[<ct-ops@ipng.ch>](mailto:ct-ops@ipng.ch)].
Reference in New Issue View Git Blame Copy Permalink