Neither Chrome nor Safari requires the publication of final certificates. They do display interstitials in SCTs are not present in certificates though.
On Tue, Aug 30, 2022 at 10:39 AM John Han <[email protected]> wrote: > My mistake, I thought it's in BR but it doesn't, only Chrome/Safari > requires it. > > 在2022年8月31日星期三 UTC+8 00:54:41<[email protected]> 写道: > >> If the final certificate is submitted to logs it would be in monitors, >> but most CAs do not, and for those issuers, the only certificates in the >> logs are those that are discovered by crawlers or individuals that submit >> them to the logs. In other words, you can not rely on final certificates >> being present in logs. >> >> Ryan >> >> On Tue, Aug 30, 2022 at 9:38 AM John Han <[email protected]> wrote: >> >>> So as they submitted final certficate to logs, it doesn't matter that >>> certificate should be visible to tools like crt.sh? >>> >>> 在2022年8月30日星期二 UTC+8 22:48:48<[email protected]> 写道: >>> >>>> Yes, very few CAs currently publish final certificates, the final >>>> certificates in the logs are usually discovered by crawlers. >>>> >>>> Technically it is even permissible to not log pre-certificates as well. >>>> Not doing so means visitors to a site that uses that certificate will >>>> receive an interstitial that must be bypassed by the user though. >>>> >>>> Ryan Hurst >>>> >>>> >>>> >>>> On Tue, Aug 30, 2022 at 12:59 AM John Han <[email protected]> wrote: >>>> >>>>> Hi All, >>>>> Recently I have found this PreCertificate >>>>> https://crt.sh/?id=7319399876 but its related Certificate not found >>>>> in CT log. >>>>> Is this compliance with current policy? >>>>> >>>>> HAN Yuwei >>>>> >>>>> -- >>>>> You received this message because you are subscribed to the Google >>>>> Groups "[email protected]" group. >>>>> To unsubscribe from this group and stop receiving emails from it, send >>>>> an email to [email protected]. >>>>> To view this discussion on the web visit >>>>> https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/0904ff95-841a-49d5-923b-9cfac12d3b53n%40mozilla.org >>>>> <https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/0904ff95-841a-49d5-923b-9cfac12d3b53n%40mozilla.org?utm_medium=email&utm_source=footer> >>>>> . >>>>> >>>> -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CALVZKwbrjLqvTV7j0LPY63JkSopvWiMr1d%2B5pCj043BuZwkC-w%40mail.gmail.com.
