[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #33602 [Internal Services/Services Admin Team]: monitor certificate transparency log

To: undisclosed-recipients: ;
Subject: [tor-bugs] #33602 [Internal Services/Services Admin Team]: monitor certificate transparency log
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Thu, 12 Mar 2020 19:36:29 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 12 Mar 2020 15:36:41 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: no-reply@xxxxxxxxxxxxxx, blackhole@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#33602: monitor certificate transparency log
-------------------------------------------------+-------------------------
     Reporter:  anarcat                          |      Owner:  (none)
         Type:  task                             |     Status:  new
     Priority:  Low                              |  Milestone:
    Component:  Internal Services/Services       |    Version:
  Admin Team                                     |
     Severity:  Major                            |   Keywords:
Actual Points:                                   |  Parent ID:
       Points:                                   |   Reviewer:
      Sponsor:                                   |
-------------------------------------------------+-------------------------
 we should use something like SSLMate.com or certspotter to monitor
 certificates issued in our place.

 https://github.com/SSLMate/certspotter

 this could be ran on nevii, nagios or pauli. it's unclear what we should
 do with the output, there will be possibly be lots of false positive, as
 the certificates will appear in our logs every time one of our cert is
 (legitimitely) renewed.

 it's a debian package since buster. i ran a test locally, and it's
 basically:

 {{{
 sed 's/ /\n/g;/^#/d;/^ *$/d' letsencryt-domains/domains  | sort |
 certspotter -watchlist -
 }}}

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33602>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Follow-Ups:
- Re: [tor-bugs] #33602 [Internal Services/Services Admin Team]: monitor certificate transparency log
  - From: Tor Bug Tracker & Wiki

Prev by Author: [tor-bugs] #33725 [Applications/Tor Browser]: Unexcpect Closed When Save a Page
Next by Author: Re: [tor-bugs] #33650 [Core Tor/Tor]: Verify that intro2 cell extensions actually work
Previous by thread: Re: [tor-bugs] #31201 [Circumvention/Snowflake]: Allow webextension users to specify how many resources it uses
Next by thread: Re: [tor-bugs] #33602 [Internal Services/Services Admin Team]: monitor certificate transparency log
Index(es):
- Author
- Thread