undefined | Better HN

0 pointstonymet8mo ago0 comments

it seems more ad-hoc, bounty-driven , rather than systematic. is that a fair perspective?

0 comments

agwa8mo ago

I wish there were bounties :-)

There is systematic checking - e.g. crt.sh continuously runs linters on certificates found in CT logs, I continuously monitor domains which are likely to be used in test certificates (e.g. https://bugzilla.mozilla.org/show_bug.cgi?id=1496088), and it appears the Chrome root program has started doing some continuous compliance monitoring based on CT as well.

But there is certainly a lot of ad-hoc checking by community members and academics, which as Sleevi said is one of the great things that CT enables.

tonymetOP8mo ago

Thanks for highlighting that— and for the efforts to assemble this project. Honestly before this post about the CT logs i hadn’t been aware of systematic auditing being done.

j / k navigate · click thread line to collapse

0 comments

agwa8mo ago

I wish there were bounties :-)

But there is certainly a lot of ad-hoc checking by community members and academics, which as Sleevi said is one of the great things that CT enables.

tonymetOP8mo ago

Thanks for highlighting that— and for the efforts to assemble this project. Honestly before this post about the CT logs i hadn’t been aware of systematic auditing being done.

j / k navigate · click thread line to collapse