given the general, shall we say, unreliability of crt.sh, I've been considering doing our own CT monitor at the @mpiinf

Reply to given the general, shall we say, unreliability of crt.sh, I've been considering doing our own CT monitor at the @mpiinf on Thu, 21 May 2026 10:03:02 GMT

alyx@frogs.lgbt — Thu, 21 May 2026 10:03:02 GMT

@q @mpiinf I loved the versatility of them literally just having an open read-only Postgres, but not so much the fact where any random user just pull the IPs of everyone connected to it

so really just a versatile way to query things

Reply to given the general, shall we say, unreliability of crt.sh, I've been considering doing our own CT monitor at the @mpiinf on Thu, 21 May 2026 09:53:01 GMT

eloy@hsnl.social — Thu, 21 May 2026 09:53:01 GMT

@domi @q @mpiinf I'd go further: especially if you have implemented CAA records, that happening would already be a huge controversy. To prevent alert fatigue you should be getting emails only when you get a cert you have not requested yourself. But with an API, anything is possible at zombo Com Transparency

Reply to given the general, shall we say, unreliability of crt.sh, I've been considering doing our own CT monitor at the @mpiinf on Thu, 21 May 2026 09:36:09 GMT

domi@donotsta.re — Thu, 21 May 2026 09:36:09 GMT

@q@glauca.space @mpiinf@wisskomm.social after some pondering: opt-in e-mail notifs that someone generated a cert for your domain with a different CA/chain than usual would be nice. alternatively, an API which could be used to implement the same thing on my side

Reply to given the general, shall we say, unreliability of crt.sh, I've been considering doing our own CT monitor at the @mpiinf on Thu, 21 May 2026 09:33:02 GMT

q@glauca.space — Thu, 21 May 2026 09:33:02 GMT

@domi @mpiinf not crashing all the time is top of the list

Reply to given the general, shall we say, unreliability of crt.sh, I've been considering doing our own CT monitor at the @mpiinf on Thu, 21 May 2026 09:27:20 GMT

wheresalice@woof.tech — Thu, 21 May 2026 09:27:20 GMT

@q RSS feeds that at least sometimes actually return data

Reply to given the general, shall we say, unreliability of crt.sh, I've been considering doing our own CT monitor at the @mpiinf on Thu, 21 May 2026 09:11:48 GMT

radex@social.hackerspace.pl — Thu, 21 May 2026 09:11:48 GMT

@q notifications (webhook) for new certificate issuances for a given domain/wildcard would be good for monitoring

Reply to given the general, shall we say, unreliability of crt.sh, I've been considering doing our own CT monitor at the @mpiinf on Thu, 21 May 2026 09:06:41 GMT

domi@donotsta.re — Thu, 21 May 2026 09:06:41 GMT

@q@glauca.space @mpiinf@wisskomm.social search that doesn't time out 3/4 of the time?

i have relatively few requirements, this would be really useful if it materializes