Internet Assigned Numbers Authority

Public Notary Transparency

Created
2021-08-04
Last Updated
2021-12-14
Available Formats

XML

HTML

Plain text

Registries included below

Hash Algorithms

Expert(s)
Unassigned
Reference
[RFC9162]
Available Formats

CSV
Range Registration Procedures
0x00-0xDF Specification Required
0xE0-0xEF Experimental Use
0xF0-0xFF Private Use
Value Hash Algorithm OID Reference
0x00 SHA-256 2.16.840.1.101.3.4.2.1 [RFC6234]
0x01-0xDF Unassigned
0xE0-0xEF Reserved for Experimental Use [RFC9162]
0xF0-0xFF Reserved for Private Use [RFC9162]

Signature Algorithms

Expert(s)
Unassigned
Reference
[RFC9162]
Note
This is a subset of the "TLS SignatureScheme" registry, limited to
those algorithms that are appropriate for CT.  A major advantage
of this is leveraging the expertise of the TLS Working Group and
its designated expert(s).
    
Note
The value 0x0403 appears twice.  While this may be confusing, it
is okay because the verification process is the same for both
algorithms, and the choice of which to use when generating a
signature is purely internal to the log server.
    
Available Formats

CSV
Range Registration Procedures
0x0000-0x0807 Specification Required
0x0808-0xFDFF Expert Review
0xFE00-0xFEFF Experimental Use
0xFF00-0xFFFF Private Use
SignatureScheme Value Signature Algorithm Reference
0x0000-0x0402 Unassigned
ecdsa_secp256r1_sha256 (0x0403) ECDSA (NIST P-256) with SHA-256 [FIPS186-4]
ecdsa_secp256r1_sha256 (0x0403) Deterministic ECDSA (NIST P-256) with HMAC-SHA256 [RFC6979]
0x0404-0x0806 Unassigned
ed25519 (0x0807) Ed25519 (PureEdDSA with the edwards25519 curve) [RFC8032]
0x0808-0xFDFF Unassigned
0xFE00-0xFEFF Reserved for Experimental Use [RFC9162]
0xFF00-0xFFFF Reserved for Private Use [RFC9162]

VersionedTransTypes

Expert(s)
Unassigned
Reference
[RFC9162]
Note
The range 0x0000-0x00FF is reserved so that v1 SCTs are
distinguishable from v2 SCTs and other TransItem structures.
    
Available Formats

CSV
Range Registration Procedures
0x0100-0xDFFF Specification Required
0xE000-0xEFFF Experimental Use
0xF000-0xFFFF Private Use
Value Type and Version Reference
0x0000-0x00FF Reserved [RFC6962]
0x0100 x509_entry_v2 [RFC9162]
0x0101 precert_entry_v2 [RFC9162]
0x0102 x509_sct_v2 [RFC9162]
0x0103 precert_sct_v2 [RFC9162]
0x0104 signed_tree_head_v2 [RFC9162]
0x0105 consistency_proof_v2 [RFC9162]
0x0106 inclusion_proof_v2 [RFC9162]
0x0107-0xDFFF Unassigned
0xE000-0xEFFF Reserved for Experimental Use [RFC9162]
0xF000-0xFFFF Reserved for Private Use [RFC9162]

Log Artifact Extensions

Expert(s)
Unassigned
Reference
[RFC9162]
Available Formats

CSV
Range Registration Procedures
0x0000-0xDFFF Specification Required
0xE000-0xEFFF Experimental Use
0xF000-0xFFFF Private Use
ExtensionType Status Use Reference
0x0000-0xDFFF Unassigned n/a
0xE000-0xEFFF Reserved for Experimental Use n/a [RFC9162]
0xF000-0xFFFF Reserved for Private Use n/a [RFC9162]

Log IDs

Registration Procedure(s)
First Come First Served
Reference
[RFC9162]
Note
All OIDs in the range from 1.3.101.8192 to 1.3.101.16383 have been
set aside for Log IDs.  This is a limited resource of 8,192 OIDs,
each of which has an encoded length of 4 octets.
    
Note
The 1.3.101.80 arc has also been set aside for Log IDs.  This is an
unlimited resource, but only the 128 OIDs from 1.3.101.80.0 to
1.3.101.80.127 have an encoded length of only 4 octets.
    
Available Formats

CSV
Log ID Log Base URL Log Operator Reference
1.3.101.8192-1.3.101.16383 Unassigned Unassigned
1.3.101.80.0-1.3.101.80.* Unassigned Unassigned

Error Types

Registration Procedure(s)
Specification Required
Expert(s)
Unassigned
Reference
[RFC9162]
Available Formats

CSV
Identifier Meaning Reference
malformed The request could not be parsed. [RFC9162]
badSubmission submission is neither a valid certificate nor a valid precertificate. [RFC9162]
badType type is neither 1 nor 2. [RFC9162]
badChain The first element of chain is not the certifier of the submission, or the second element does not certify the first, etc. [RFC9162]
badCertificate One or more certificates in the chain are not valid (e.g., not properly encoded). [RFC9162]
unknownAnchor The last element of chain (or, if chain is an empty array, the submission) is not, and nor is it certified by, an accepted trust anchor. [RFC9162]
shutdown The log is no longer accepting submissions. [RFC9162]
firstUnknown first is before the latest known STH but is not from an existing STH. [RFC9162]
secondUnknown second is before the latest known STH but is not from an existing STH. [RFC9162]
secondBeforeFirst second is smaller than first. [RFC9162]
hashUnknown hash is not the hash of a known leaf (may be caused by skew or by a known certificate not yet merged). [RFC9162]
treeSizeUnknown hash is before the latest known STH but is not from an existing STH. [RFC9162]
startUnknown start is greater than the number of entries in the Merkle Tree. [RFC9162]
endBeforeStart start cannot be greater than end. [RFC9162]