Thanks, zw
As part of a larger research project I'm thinking about the possibility
of running notary queries on every certificate that an IDS sees go by.
Before I sit down and pound out a bunch of code, I was wondering if
anyone has already written something that does this (ideally for Bro,
but we could talk about other IDSes as well). I also noticed that
Convergence, Perspectives, and the ICSI notary seem to implement three
different query protocols (two HTTP-based, one DNS-based); this seems
like an unfortunate divergence to me, and so I am also wondering if
there is any plan to document and standardize how notaries are queried.
- [SSL Observatory] Passive certificate notarization by a... Zack Weinberg
- Re: [SSL Observatory] Passive certificate notariza... Seth Hall
- Re: [SSL Observatory] [Notary] Passive certificate... Matthias Vallentin
- Re: [SSL Observatory] [Notary] Passive certifi... Zack Weinberg
- Re: [SSL Observatory] Passive certificate notariza... Von Welch
