-
Notifications
You must be signed in to change notification settings - Fork 6
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
offer "baseline whitelists" for download #156
Comments
It might be easier to start with geographic whitelists in #161. |
We should generate these off the top 1mil websites and maybe other scans. I haven't responded yet to my censys data request... "You Won’t Be Needing These Any More" (Section 5) talks about how many certificates could be removed based on ZMAP scans. For now it's probably ok to have cert-manage download these from github, but should we add a public key to verify? https://github.com/adamdecaf/cert-manage/blob/master/docs/papers/on-removing-unused-certs.pdf |
Allow them to be gzipped. Scan each columns data and use the first url looking thing. Issue: #156
Switching to Maybe as I'm unsure the best way to distribute this. |
As mentioned in some linked papers often CA's can be trimmed down from the top 1mil domains or similar data sets. Much larger datasets can be used as well, with perhaps a longer tail observed.
It would be handy to offer a few whitelists:
https://scans.io/study/sonar.ssl
https://scans.io/study/scott-top-one-million
https://www.censys.io/data/certificates
The text was updated successfully, but these errors were encountered: