Hi Matt, > > * It requires JS to do anything useful.
These days, most browsers support JavaScript. You might want to give one a try! ;-) Joking aside, I get where you're coming from, but I don't think this is a hill worth dying on. That battle is mostly lost. Even if I personally preferred the way the "old web" used to work, the industry has largely moved on. Sticking to the old approach often means reinventing the wheel at every step, and I have more productive things to do. I also think having a thin JS client as a website allows to design APIs in a sensible way as they are used first hand. > * The search box only takes subdomains, not other identifiers I'm > commonly interested in (like SPKI fingerprints). You can currently do this by modifying the URL directly, for example: https://www.merklemap.com/certificates/ba7924eedf9c95809bc4f46dce070b946560054e1ad7494e210627bfc57b358a Not the best UX, I'll admit. > * You can't see any details about certificates without an account. > > * Only a subset of search results are apparently available without a > paid account. Merklemap.com isn't sponsored, and the operating costs are substantial. The dataset is massive— even well-funded organizations struggle with the scale of this kind of data, as seen with https://letsencrypt.org/2024/03/14/introducing-sunlight/ even though CT log operators only store a subset of the data, and only provide a very limited set of APIs. Merklemap, on the other hand, is exhaustive. It contains the full history of certificate transparency since its inception. The main database has just under 100 billion rows, spans dozens of terabytes on NVMe storage, and the search index is massive. The system is able to ingest around 100,000 certificates per second (which is useful to handle backlog). That kind of scale isn’t free to operate. I strongly believe that for the health of the ecosystem, services like this need to be self-sustaining. A funded model ensures they can remain available and continue improving. Best, Pierre On Sun, Feb 16, 2025, at 04:07, Matt Palmer wrote: > On Sun, Dec 15, 2024 at 11:09:38PM -0800, Pierre Barre wrote: >> Hi Matt, >> >> I was forwarded this thread, and as its creator, I wanted to reach out >> directly. >> >> Would you mind sharing which specific features you're looking for to make >> it a suitable alternative for your needs? > > Here's a few things off the top of my head: > > * It requires JS to do anything useful. > > * The search box only takes subdomains, not other identifiers I'm > commonly interested in (like SPKI fingerprints). > > * You can't see any details about certificates without an account. > > * Only a subset of search results are apparently available without a > paid account. > > Do your own thing as you like, of course, but merklemap.com is a very, > very different beast to crt.sh. > > - Matt > > -- > You received this message because you are subscribed to the Google > Groups "[email protected]" group. > To unsubscribe from this group and stop receiving emails from it, send > an email to [email protected]. > To view this discussion visit > https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/99f0c9fc-76af-4f13-97ce-dba27b376b37%40mtasv.net. -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/913dda8d-ae62-4439-bf73-8905480b5011%40app.fastmail.com.
