CTPolicy: always try to get SCTs from a tiled log first (#8676)

aarongable · web-flow · commit 429d8b54ac47 · 2026-03-23T15:36:20.000-04:00
The Mozilla root program would really appreciate it if more certificates
contained SCTs from tiled logs. This is because their revocation
mechanism, CRLite, can only return a definitive answer for the status of
a certificate after the MMD of at least one SCT on that cert has passed.
Once the MMD has passed, CRLite can guarantee that it has included the
cert in the total cert population while constructing its clubcard
filters, and therefore can prevent any false positives or negatives for
that cert. But RFC 6962 log typically have MMDs of 24h, while static
logs have MMDs of ~1s (and are much easier for the CRLite infrastructure
to read from), so CRLite works better when more certs have SCTs from
static logs.

Today, we treat tiled (static-ct-api) and untiled (rfc 6962) logs nearly
the same when submitting precerts to get SCTs. We shuffle them together,
pick two, attempt to get SCTs for a couple seconds, and if one or both
are too slow, attempt to get SCTs from other logs further down the
shuffled list.

However, this doesn't actually result in a large proportion of our certs
having static SCTs, for two reasons. First, there just aren't that many
static logs: of the 11 logs we get SCTs from, only 4 are tiled. So
simple statistics dictate that only about 36% of our certs will have one
static SCT. Second, static logs have a slower write path, so we're more
likely to give up on a submission to a static log and move on to
attempting to submit to an RFC 6962 log instead.

In order to give our certs a higher chance of containing an SCT from a
static log, always ensure that a tiled log appears in the first two logs
we submit to. This won't be a guarantee -- that log could be slow and we
could get SCTs from the second and third logs in the shuffled list --
but it should bump our static SCT population from 36% to somewhere north
of 90%.
diff --git a/ctpolicy/ctpolicy.go b/ctpolicy/ctpolicy.go
@@ -111,7 +111,7 @@ func (ctp *CTPolicy) GetSCTs(ctx context.Context, cert core.CertDER, expiration
 	// Identify the set of candidate logs whose temporal interval includes this
 	// cert's expiry. Randomize the order of the logs so that we're not always
 	// trying to submit to the same two.
-	logs := ctp.sctLogs.ForTime(expiration).Permute()
+	logs := ctp.sctLogs.ForTime(expiration).Shuffle()
 	if len(logs) < 2 {
 		return nil, berrors.MissingSCTsError("Insufficient CT logs available (%d)", len(logs))
 	}
diff --git a/ctpolicy/loglist/loglist.go b/ctpolicy/loglist/loglist.go
@@ -226,13 +226,25 @@ func (ll List) ForTime(expiry time.Time) List {
 	return res
 }
 
-// Permute returns a new log list containing the exact same logs, but in a
-// randomly-shuffled order.
-func (ll List) Permute() List {
+// Shuffle returns a new log list containing the exact same logs, but in a
+// nearly-randomly-shuffled order. If possible, it ensures that the first two
+// logs consist of one tiled log and one non-tiled log, to boost the percentage
+// of certs which include an SCT from a static log.
+func (ll List) Shuffle() List {
 	res := slices.Clone(ll)
 	rand.Shuffle(len(res), func(i int, j int) {
 		res[i], res[j] = res[j], res[i]
 	})
+	if len(res) > 2 && res[0].Tiled == res[1].Tiled {
+		// If we have more than two logs, and both are either tiled or not,
+		// try to bring another log to the front of the list.
+		for i := 2; i < len(res); i++ {
+			if res[0].Tiled != res[i].Tiled {
+				res[0], res[i] = res[i], res[0]
+				break
+			}
+		}
+	}
 	return res
 }
 
diff --git a/ctpolicy/loglist/loglist_test.go b/ctpolicy/loglist/loglist_test.go
@@ -160,7 +160,7 @@ func TestForTime(t *testing.T) {
 	test.AssertDeepEquals(t, actual, expected)
 }
 
-func TestPermute(t *testing.T) {
+func TestShuffle(t *testing.T) {
 	input := List{
 		Log{Name: "Log A1"},
 		Log{Name: "Log A2"},
@@ -176,7 +176,7 @@ func TestPermute(t *testing.T) {
 	}
 
 	for range 100 {
-		actual := input.Permute()
+		actual := input.Shuffle()
 		for index, log := range actual {
 			foundIndices[log.Name][index]++
 		}
@@ -191,6 +191,30 @@ func TestPermute(t *testing.T) {
 	}
 }
 
+func TestShufflePrefersTiled(t *testing.T) {
+	input := List{
+		Log{Name: "Log A1"},
+		Log{Name: "Log A2"},
+		Log{Name: "Log T1", Tiled: true},
+	}
+
+	foundIndices := make(map[string]map[int]int)
+	for _, log := range input {
+		foundIndices[log.Name] = make(map[int]int)
+	}
+
+	for range 100 {
+		actual := input.Shuffle()
+		for index, log := range actual {
+			foundIndices[log.Name][index]++
+		}
+	}
+
+	if foundIndices["Log T1"][2] != 0 {
+		t.Errorf("Tiled log should have always been pulled into first two indices")
+	}
+}
+
 func TestGetByID(t *testing.T) {
 	input := List{
 		Log{Name: "Log A1", Id: "ID A1"},

Original file line number	Diff line number	Diff line change
`@@ -111,7 +111,7 @@ func (ctp *CTPolicy) GetSCTs(ctx context.Context, cert core.CertDER, expiration`
`111`	`111`	`// Identify the set of candidate logs whose temporal interval includes this`
`112`	`112`	`// cert's expiry. Randomize the order of the logs so that we're not always`
`113`	`113`	`// trying to submit to the same two.`
`114`		`- logs := ctp.sctLogs.ForTime(expiration).Permute()`
	`114`	`+ logs := ctp.sctLogs.ForTime(expiration).Shuffle()`
`115`	`115`	`if len(logs) < 2 {`
`116`	`116`	`return nil, berrors.MissingSCTsError("Insufficient CT logs available (%d)", len(logs))`
`117`	`117`	`}`