Hi MDSP, I went looking for corpuses of certificates that may not have been previously logged to CT and found some in the Rapid7 "More SSL" dataset, which captures certificates from their scans of non-HTTPS ports for TLS-speaking services.
I wrote up some findings at http://blog.tim-smith.us/2018/03/moressl-spelunking/. A few highlights include:

- of the ~10 million certificates in the corpus, about 20% had valid signatures and chained to roots included in the Mozilla trust store
- about 50,000 of the 2 million trusted certificates had not previously been logged
- about half of the novel certificates were unexpired

There were interesting examples of unexpired, non-compliant, trusted certificates chaining to issuers including GoDaddy, NetLock, Logius, and Entrust. (I have not taken any action to inform issuers of these findings, other than this message and by publishing the certificates to CT logs.)

I welcome any feedback or questions about the value of the approach and the findings.

Thanks,
Tim

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
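The triage the post describes (verify the chain against a trust store, check expiry separately, and check whether the certificate's fingerprint is already known to CT), as an added Go example that is not part of the post or of Tim's own tooling. The trust store, the three leaf certificates and the set of "already logged" fingerprints are all constructed in-code; the CT lookup is stood in by a map keyed by SHA-256 of the DER, which is how crt.sh and the logs identify certificates.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"math/big"
	"time"
)

// TriageCert asks the post's three questions of one certificate. The chain is verified at the
// leaf's NotBefore so expiry is reported separately from trust (the post counts "trusted" and
// "unexpired" separately); logged stands in for a CT lookup keyed by SHA-256 of the DER.
func TriageCert(c *x509.Certificate, roots *x509.CertPool, logged map[string]bool, now time.Time) (trusted, expired, novel bool) {
	_, err := c.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: c.NotBefore, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	fp := sha256.Sum256(c.Raw)
	return err == nil, now.After(c.NotAfter), !logged[hex.EncodeToString(fp[:])]
}

// makeCert issues tmpl under parent; a nil parent yields a self-signed certificate.
func makeCert(tmpl, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	if err != nil {
		panic(err)
	}
	c, _ := x509.ParseCertificate(der)
	return c, key
}

// BuildCorpus constructs (for this example only) one trusted root plus three leaves: a current
// leaf and an expired leaf issued by that root, and a current self-signed leaf that chains to nothing.
func BuildCorpus(now time.Time) (*x509.CertPool, []*x509.Certificate) {
	tmpl := func(cn string, ca bool, nb, na time.Time) *x509.Certificate {
		return &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
			NotBefore: nb, NotAfter: na, IsCA: ca, BasicConstraintsValid: ca, KeyUsage: x509.KeyUsageCertSign}
	}
	root, rootKey := makeCert(tmpl("Example Root", true, now.AddDate(-5, 0, 0), now.AddDate(5, 0, 0)), nil, nil)
	pool := x509.NewCertPool()
	pool.AddCert(root)
	fresh, _ := makeCert(tmpl("fresh.example", false, now.AddDate(0, -1, 0), now.AddDate(1, 0, 0)), root, rootKey)
	stale, _ := makeCert(tmpl("stale.example", false, now.AddDate(-3, 0, 0), now.AddDate(-2, 0, 0)), root, rootKey)
	lone, _ := makeCert(tmpl("lone.example", false, now.AddDate(0, -1, 0), now.AddDate(1, 0, 0)), nil, nil)
	return pool, []*x509.Certificate{fresh, stale, lone}
}
```

Over a real corpus the root pool would be loaded from the Mozilla trust store and `logged` replaced by a fingerprint lookup against CT, but the classification per certificate is the same three answers.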