offer "baseline whitelists" for download #156
Labels
Comments
|
It might be easier to start with geographic whitelists in #161. |
|
We should generate these off the top 1mil websites and maybe other scans. I haven't responded yet to my censys data request... "You Won’t Be Needing These Any More" (Section 5) talks about how many certificates could be removed based on ZMAP scans. For now it's probably ok to have cert-manage download these from github, but should we add a public key to verify? https://github.com/adamdecaf/cert-manage/blob/master/docs/papers/on-removing-unused-certs.pdf |
adamdecaf
added a commit
that referenced
this issue
Mar 11, 2018
Allow them to be gzipped. Scan each columns data and use the first url looking thing. Issue: #156
adamdecaf
changed the title
|
Switching to Maybe as I'm unsure the best way to distribute this. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
As mentioned in some linked papers often CA's can be trimmed down from the top 1mil domains or similar data sets. Much larger datasets can be used as well, with perhaps a longer tail observed.
It would be handy to offer a few whitelists:
https://scans.io/study/sonar.ssl
https://scans.io/study/scott-top-one-million
https://www.censys.io/data/certificates
The text was updated successfully, but these errors were encountered: