given the general, shall we say, unreliability of crt.sh, I've been considering doing our own CT monitor at the @mpiinf

q@glauca.space

given the general, shall we say, unreliability of crt.sh, I've been considering doing our own CT monitor at the @mpiinf

so, dearest security research community, what would you like to see in a CT monitor?

pls boost!

domi@donotsta.re

@q@glauca.space @mpiinf@wisskomm.social search that doesn't time out 3/4 of the time?

i have relatively few requirements, this would be really useful if it materializes

radex@social.hackerspace.pl

@q notifications (webhook) for new certificate issuances for a given domain/wildcard would be good for monitoring

wheresalice@woof.tech

@q RSS feeds that at least sometimes actually return data

q@glauca.space

@domi @mpiinf not crashing all the time is top of the list

domi@donotsta.re

@q@glauca.space @mpiinf@wisskomm.social after some pondering: opt-in e-mail notifs that someone generated a cert for your domain with a different CA/chain than usual would be nice. alternatively, an API which could be used to implement the same thing on my side

eloy@hsnl.social

@domi @q @mpiinf I'd go further: especially if you have implemented CAA records, that happening would already be a huge controversy. To prevent alert fatigue you should be getting emails only when you get a cert you have not requested yourself. But with an API, anything is possible at zombo Com Transparency

alyx@frogs.lgbt

@q @mpiinf I loved the versatility of them literally just having an open read-only Postgres, but not so much the fact where any random user just pull the IPs of everyone connected to it

so really just a versatile way to query things