Public Notary Transparency
- Created
- 2021-08-04
- Last Updated
- 2021-12-14
- Available Formats
-
XML
HTML
Plain text
Registries included below
- Hash Algorithms
- Signature Algorithms
- VersionedTransTypes
- Log Artifact Extensions
- Log IDs
- Error Types
Hash Algorithms
- Expert(s)
-
Unassigned
- Reference
- [RFC9162]
- Available Formats
-
CSV
| Range | Registration Procedures |
|---|---|
| 0x00-0xDF | Specification Required |
| 0xE0-0xEF | Experimental Use |
| 0xF0-0xFF | Private Use |
| Value | Hash Algorithm | OID | Reference |
|---|---|---|---|
| 0x00 | SHA-256 | 2.16.840.1.101.3.4.2.1 | [RFC6234] |
| 0x01-0xDF | Unassigned | ||
| 0xE0-0xEF | Reserved for Experimental Use | [RFC9162] | |
| 0xF0-0xFF | Reserved for Private Use | [RFC9162] |
Signature Algorithms
- Expert(s)
-
Unassigned
- Reference
- [RFC9162]
- Note
-
This is a subset of the "TLS SignatureScheme" registry, limited to those algorithms that are appropriate for CT. A major advantage of this is leveraging the expertise of the TLS Working Group and its designated expert(s). - Note
-
The value 0x0403 appears twice. While this may be confusing, it is okay because the verification process is the same for both algorithms, and the choice of which to use when generating a signature is purely internal to the log server. - Available Formats
-
CSV
| Range | Registration Procedures |
|---|---|
| 0x0000-0x0807 | Specification Required |
| 0x0808-0xFDFF | Expert Review |
| 0xFE00-0xFEFF | Experimental Use |
| 0xFF00-0xFFFF | Private Use |
| SignatureScheme Value | Signature Algorithm | Reference |
|---|---|---|
| 0x0000-0x0402 | Unassigned | |
| ecdsa_secp256r1_sha256 (0x0403) | ECDSA (NIST P-256) with SHA-256 | [FIPS186-4] |
| ecdsa_secp256r1_sha256 (0x0403) | Deterministic ECDSA (NIST P-256) with HMAC-SHA256 | [RFC6979] |
| 0x0404-0x0806 | Unassigned | |
| ed25519 (0x0807) | Ed25519 (PureEdDSA with the edwards25519 curve) | [RFC8032] |
| 0x0808-0xFDFF | Unassigned | |
| 0xFE00-0xFEFF | Reserved for Experimental Use | [RFC9162] |
| 0xFF00-0xFFFF | Reserved for Private Use | [RFC9162] |
VersionedTransTypes
- Expert(s)
-
Unassigned
- Reference
- [RFC9162]
- Note
-
The range 0x0000-0x00FF is reserved so that v1 SCTs are distinguishable from v2 SCTs and other TransItem structures. - Available Formats
-
CSV
| Range | Registration Procedures |
|---|---|
| 0x0100-0xDFFF | Specification Required |
| 0xE000-0xEFFF | Experimental Use |
| 0xF000-0xFFFF | Private Use |
| Value | Type and Version | Reference |
|---|---|---|
| 0x0000-0x00FF | Reserved | [RFC6962] |
| 0x0100 | x509_entry_v2 | [RFC9162] |
| 0x0101 | precert_entry_v2 | [RFC9162] |
| 0x0102 | x509_sct_v2 | [RFC9162] |
| 0x0103 | precert_sct_v2 | [RFC9162] |
| 0x0104 | signed_tree_head_v2 | [RFC9162] |
| 0x0105 | consistency_proof_v2 | [RFC9162] |
| 0x0106 | inclusion_proof_v2 | [RFC9162] |
| 0x0107-0xDFFF | Unassigned | |
| 0xE000-0xEFFF | Reserved for Experimental Use | [RFC9162] |
| 0xF000-0xFFFF | Reserved for Private Use | [RFC9162] |
Log Artifact Extensions
- Expert(s)
-
Unassigned
- Reference
- [RFC9162]
- Available Formats
-
CSV
| Range | Registration Procedures |
|---|---|
| 0x0000-0xDFFF | Specification Required |
| 0xE000-0xEFFF | Experimental Use |
| 0xF000-0xFFFF | Private Use |
| ExtensionType | Status | Use | Reference |
|---|---|---|---|
| 0x0000-0xDFFF | Unassigned | n/a | |
| 0xE000-0xEFFF | Reserved for Experimental Use | n/a | [RFC9162] |
| 0xF000-0xFFFF | Reserved for Private Use | n/a | [RFC9162] |
Log IDs
- Registration Procedure(s)
-
First Come First Served
- Reference
- [RFC9162]
- Note
-
All OIDs in the range from 1.3.101.8192 to 1.3.101.16383 have been set aside for Log IDs. This is a limited resource of 8,192 OIDs, each of which has an encoded length of 4 octets. - Note
-
The 1.3.101.80 arc has also been set aside for Log IDs. This is an unlimited resource, but only the 128 OIDs from 1.3.101.80.0 to 1.3.101.80.127 have an encoded length of only 4 octets. - Available Formats
-
CSV
| Log ID | Log Base URL | Log Operator | Reference |
|---|---|---|---|
| 1.3.101.8192-1.3.101.16383 | Unassigned | Unassigned | |
| 1.3.101.80.0-1.3.101.80.* | Unassigned | Unassigned |
Error Types
- Registration Procedure(s)
-
Specification Required
- Expert(s)
-
Unassigned
- Reference
- [RFC9162]
- Available Formats
-
CSV
| Identifier | Meaning | Reference |
|---|---|---|
| malformed | The request could not be parsed. | [RFC9162] |
| badSubmission | submission is neither a valid certificate nor a valid precertificate. | [RFC9162] |
| badType | type is neither 1 nor 2. | [RFC9162] |
| badChain | The first element of chain is not the certifier of the submission, or the second element does not certify the first, etc. | [RFC9162] |
| badCertificate | One or more certificates in the chain are not valid (e.g., not properly encoded). | [RFC9162] |
| unknownAnchor | The last element of chain (or, if chain is an empty array, the submission) is not, and nor is it certified by, an accepted trust anchor. | [RFC9162] |
| shutdown | The log is no longer accepting submissions. | [RFC9162] |
| firstUnknown | first is before the latest known STH but is not from an existing STH. | [RFC9162] |
| secondUnknown | second is before the latest known STH but is not from an existing STH. | [RFC9162] |
| secondBeforeFirst | second is smaller than first. | [RFC9162] |
| hashUnknown | hash is not the hash of a known leaf (may be caused by skew or by a known certificate not yet merged). | [RFC9162] |
| treeSizeUnknown | hash is before the latest known STH but is not from an existing STH. | [RFC9162] |
| startUnknown | start is greater than the number of entries in the Merkle Tree. | [RFC9162] |
| endBeforeStart | start cannot be greater than end. | [RFC9162] |