Sunlight is a Certificate Transparency log implementation and monitoring API designed for scalability, ease of operation, and reduced cost.
What started as the Sunlight API is now the Static CT API and is allowed by the CT log policies of the major browsers.
Sunlight was designed by Filippo Valsorda for the needs of the WebPKI community, through the feedback of many of its members, and in particular of the Sigsum, Google TrustFabric, and ISRG teams. It is partially based on the Go Checksum Database. Sunlight's development was sponsored by Let's Encrypt.
If you have feedback on the design, please join the conversation on the ct-policy mailing list, or in the #sunlight channel of the transparency-dev Slack.
For more information, read the introductory blog post.
We have a set of resources for various WebPKI stakeholders. Are you…
… a log operator? You can find the open source Sunlight implementation at github.com/FiloSottile/sunlight and the original design document, including a description of the Sunlight architecture and tradeoffs, at filippo.io/a-different-CT-log.
There are other implementations of Static CT: Azul by Cloudflare, which was accompanied by a detailed blog post that also presents the Static CT and Sunlight designs; and Itko, which exposes both the Static CT and RFC 6962 APIs.
… a CT monitor? An easy-to-use Go client is available. The Static CT API is fully specified at c2sp.org/static-ct-api, and you can test against the logs below.
You might be happy to know that the object storage backends of some Static CT log read paths are nearly rate-limit free!
Andrew Ayer also published Sunglasses, an RFC 6962 compatibility proxy for Static CT logs.
… a certificate authority? You can submit to Sunlight logs just as you would to any other CT log!
You can use the Geomys or Let's Encrypt logs for testing.
… looking for the logo? You can find it here. It's based on a real place in the vicinity of Rome, where the first commit was made. Use it under the terms of the CC BY-ND 4.0 license.