home tags events about login
one honk maybe more

benjojo posted 09 May 2025 18:07 +0000

Introducing the "Tuscolo" Certificate Transparency logs, a new thing that @filippo and I am operating:

https://groups.google.com/a/chromium.org/g/ct-policy/c/KCzYEIIZSxg

For a while the certificate transparency ecosystem has been struggling to keep up with correctness (basically never roll back) and reliability (99% uptime) requirements, to address this there is a updated standard that @filippo worked on, Since he also worked on the first serious implementation of this new standard "sunlight", Port 179 LTD (me) and Geomys (Filippo and friends) are now running a log running this, ensuring there is "skin in the game" for this spec.

This log will be different from the traditional set up of CT logs that involve large MySQL or Cassandra clusters, and instead we just have a single reasonably low cost "bare metal" AMD machine. We expect this log to be around 50 times cheaper to operate than the established CT logs based in the "hyperscalers" (AWS/GCP/Azure/etc).

Tuscolo is currently receiving all Lets Encrypt certificates (as they are issued), hopefully there will be more CA's to come once we have full acceptance in the web browsers (we will likely be the first for a sunlight/new spec log to be accepted)

The "Guess we are doing cirles" meme, but instead the triangles are bgp.tools logos and the circle is the Sunlight CT Log logo, the guy is saying "I guess we doin CT Logs now"