On Sun, Feb 16, 2025 at 06:19:42PM +0100, Pierre Barre wrote: > > > * It requires JS to do anything useful. > > These days, most browsers support JavaScript. You might want to give one a > try! ;-)
Yeah, that's the kind of snide remark that gets you negative credibility points. There are significant security and privacy downsides to unfettered JavaScript execution. Also, you asked for my time to provide you with assistance with your commercial endeavour in identifying gaps between your service and crt.sh, and one of the primary differences is that crt.sh does not require JS to work. > > * The search box only takes subdomains, not other identifiers I'm > > commonly interested in (like SPKI fingerprints). > > You can currently do this by modifying the URL directly, for example: > > https://www.merklemap.com/certificates/ba7924eedf9c95809bc4f46dce070b946560054e1ad7494e210627bfc57b358a > > Not the best UX, I'll admit. It's a terrible UX. Also, hitting that URL redirects to a sign-in page, which highlights another *huge* difference to crt.sh: your service cannot be used as a means to reference certificates in any public discussion or incident report. - Matt -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/665d449e-1345-4e32-a09e-3becbcf93bc4%40mtasv.net.
