Thanks for the pointer, Andrew!

Best,
Felix

> On 3 May 2024, at 00:29, Andrew Ayer <[email protected]> wrote:
>
> Hi Felix,
>
> On Wed, 1 May 2024 10:18:17 -0700 (PDT)
> Felix Linker <[email protected]> wrote:
>
>> Hi everyone,
>>
>> I encountered an oddity with an inclusion of a certificate of mine in
>> a CT log. Namely, I would like to check the inclusion of this
>> certificate (https://crt.sh/?id=12905498367) in the Yeti 2024 log. It
>> should be included in that log because there is an SCT from that log.
>>
>> If I query for the certificate's hash at the log (hash computed using
>> my code), the log returns a leaf
>> index:
>> https://yeti2024.ct.digicert.com/log/ct/v1/get-proof-by-hash?hash=MGjihrSBitsZpxw3LNGIdA7SMKEWdDSp7i0r8WoO1zw=&tree_size=879757777
>>
>> However, when I use that leaf index to query for the certificate (and
>> its proof) the response is "Not
>> Found":
>> https://yeti2024.ct.digicert.com/log/ct/v1/get-entry-and-proof?leaf_index=878032114&tree_size=879757777
>>
>> I presume, the log is still auditable because it returns a proof of
>> inclusion by the certificate's hash. However, I would expect the
>> latter query to not fail. Am I missing something? These queries
>> succeed for the other SCT of the certificate.
>
> The get-entry-and-proof endpoint is effectively optional. RFC 6962 says
> "this API is probably only useful for debugging", which led some log
> operators to omit support for it, and no browser operator has mandated
> support for it (yet). You should be able to obtain this log entry
> using the get-entries endpoint instead.
>
> (By the way, the best mailing list for issues about browser-recognized CT
> logs is https://groups.google.com/a/chromium.org/g/ct-policy)
>
> Regards,
> Andrew
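
An added example, not part of the thread or of any participant's code: the same check done without get-entry-and-proof, by fetching the entry with get-entries, hashing its `leaf_input` as RFC 6962 specifies, and verifying the audit path from get-proof-by-hash against the tree head's root hash. It assumes `leaf_input` and the path nodes are already base64-decoded; `LEAVES` and the helpers `tree_root` and `audit_path` are constructed here only to produce offline test data.

```python
import hashlib

def leaf_hash(leaf_input: bytes) -> bytes:
    # RFC 6962 section 2.1: leaf hash = SHA-256(0x00 || MerkleTreeLeaf)
    return hashlib.sha256(b"\x00" + leaf_input).digest()

def node_hash(left: bytes, right: bytes) -> bytes:
    # Interior nodes use the 0x01 prefix, so a leaf can never pass as a node
    return hashlib.sha256(b"\x01" + left + right).digest()

def get_entries_url(log_url: str, leaf_index: int) -> str:
    # start == end asks get-entries for the single entry at that index
    return f"{log_url}/ct/v1/get-entries?start={leaf_index}&end={leaf_index}"

def verify_inclusion(lh, leaf_index, tree_size, path, root) -> bool:
    # Walk from the leaf to the root, placing each sibling left or right
    if leaf_index >= tree_size:
        return False
    fn, sn, r = leaf_index, tree_size - 1, lh
    for p in path:
        if sn == 0:
            return False            # path is longer than the tree is deep
        if (fn & 1) or fn == sn:
            r = node_hash(p, r)     # sibling is on the left
            while fn and not (fn & 1):
                fn, sn = fn >> 1, sn >> 1   # skip levels with no sibling
        else:
            r = node_hash(r, p)     # sibling is on the right
        fn, sn = fn >> 1, sn >> 1
    return sn == 0 and r == root

def _split(n: int) -> int:
    return 1 << ((n - 1).bit_length() - 1)  # largest power of two < n

def tree_root(leaves):
    # Hypothetical helper: what the log computes over all leaf inputs
    if len(leaves) == 1:
        return leaf_hash(leaves[0])
    k = _split(len(leaves))
    return node_hash(tree_root(leaves[:k]), tree_root(leaves[k:]))

def audit_path(i, leaves):
    # Hypothetical helper: the proof a log would return for leaf i
    if len(leaves) == 1:
        return []
    k = _split(len(leaves))
    if i < k:
        return audit_path(i, leaves[:k]) + [tree_root(leaves[k:])]
    return audit_path(i - k, leaves[k:]) + [tree_root(leaves[:k])]

LEAVES = [b"constructed-leaf-%d" % i for i in range(7)]  # constructed data
```

Against a real log, `root` must come from a signed tree head whose `tree_size` matches the one passed to get-proof-by-hash.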
