If the final certificate is submitted to logs it would be in monitors, but most CAs do not, and for those issuers, the only certificates in the logs are those that are discovered by crawlers or individuals that submit them to the logs. In other words, you can not rely on final certificates being present in logs.
Ryan On Tue, Aug 30, 2022 at 9:38 AM John Han <[email protected]> wrote: > So as they submitted final certficate to logs, it doesn't matter that > certificate should be visible to tools like crt.sh? > > 在2022年8月30日星期二 UTC+8 22:48:48<[email protected]> 写道: > >> Yes, very few CAs currently publish final certificates, the final >> certificates in the logs are usually discovered by crawlers. >> >> Technically it is even permissible to not log pre-certificates as well. >> Not doing so means visitors to a site that uses that certificate will >> receive an interstitial that must be bypassed by the user though. >> >> Ryan Hurst >> >> >> >> On Tue, Aug 30, 2022 at 12:59 AM John Han <[email protected]> wrote: >> >>> Hi All, >>> Recently I have found this PreCertificate https://crt.sh/?id=7319399876 >>> but its related Certificate not found in CT log. >>> Is this compliance with current policy? >>> >>> HAN Yuwei >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "[email protected]" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To view this discussion on the web visit >>> https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/0904ff95-841a-49d5-923b-9cfac12d3b53n%40mozilla.org >>> <https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/0904ff95-841a-49d5-923b-9cfac12d3b53n%40mozilla.org?utm_medium=email&utm_source=footer> >>> . >>> >> -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CALVZKwajz%2Bs4nktdMx9FBRciNC4mA9XrSK_VX_9f4f1HkhnfJg%40mail.gmail.com.
