[Add Issuer]: AS207960 test root

TheEnbyperor commented 1 year ago

Mozilla Bugzilla Root Inclusion URL

No response

CA CP/CPS Website URL

https://acmeforonions.org

CT Logs

[ ] Oak (production)
[X] Sapling (testing)

Issuer Certificate

CT Policy

[X] We are subscribed to the Certificate Transparency Policy Google Group

mcpherrinm commented 1 year ago

Hello!

Our intention with our Sapling test log is primarily for CAs who intend to integrate with our production logs (Oak).

We typically recommend test CAs can test against https://github.com/letsencrypt/boulder/tree/main/test/ct-test-srv which implements the submission APIs typically used by CAs.

Do you require these certs to be in a public log?

What volume of test certificates do you expect to be submitted?

Thank you!

TheEnbyperor commented 1 year ago

The CA is supposed to act like any other publicly trusted CA as closely as possible, so inclusion in a public log would be desired.

In terms of volume I expect on the order of dozens a month, or less.

mcpherrinm commented 1 year ago

What's the path forward here? Do you intend to create a public CA that is trusted by the Mozilla or other root programs?

Sapling is really intended as an integration test target prior to using Oak, our trusted logs, and I'm not sure we want to use it for unrelated testing.

TheEnbyperor commented 1 year ago

Do you intend to create a public CA that is trusted by the Mozilla or other root programs?

Yes that is in our plans, however not with this specific public key.

mcpherrinm commented 9 months ago

This log is intended for integration testing in preparation of using Oak for submitting publicly trusted roots.

I'd encourage you to reopen this issue once you're further in that process (ie, once you have begun the process of becoming a publicly trusted CA).

letsencrypt / ct-log-metadata