In the early days of implementing Certificate Transparency-related policies, not many CT log operators joined them. This premise forces Google to mandate that all certificates must be logged to at least one log run by Google.
From March 2021, Chrome deploys and continues to improve SCT auditing to provide additional security, regardless of where certificates are recorded. Starting in April 2022, Chrome will use a new CT policy that removes the “One Google Log” requirement.
Before reading this requirement, we need to understand that CT (Certificate Transparency) is an Internet security standard for monitoring and auditing digital certificates, which creates a public logging system designed to ultimately record certificates issued by public information All certificates issued by the organization, thus effectively identifying certificates issued by mistake or maliciously.
It is proposed in Chrome 100, which is planned to be launched in April 2022: From April 15, 2022, Chrome will no longer require that TLS certificates must be entered into the CT log run by Google for successful verification; at the same time, since April 15, 2022, or The digital certificate issued afterward and the certificate in the SCT is valid for more than 180 days must contain at least 3 SCTs from different CT logs.
This is a big step forward for the CT ecosystem. Organizations that have been recognized and included in the list of available logs of the CT Ecological Alliance include Google, DigiCert, TrustAsia, etc.
