[SSL Observatory] crlwatch

Peter Eckersley pde at eff.org
Fri Mar 18 09:41:21 PDT 2011


This runs largely replicates the functionality of the
questions/crl_blacklist/check_crls.py script in the Observatory source code.

That script only fetches CRLs that pertain to the weak debian keys, though
removing the "natual join" clause from its MySQL query in main() will change
that.  check_crls.py writes the results into a "revoked" table, which is
pretty handy for writing investigative queries.

Note that check_crls.py is lazy about what it downloads: it won't re-fetch a
CRL if there's already a copy of it in the current directory.

On Fri, Mar 18, 2011 at 01:04:38AM -0700, Jacob Appelbaum wrote:
> Hi,
> 
> I've started a new project that may be a useful observatory sub-project:
> https://github.com/ioerror/crlwatch
> 
> The goal of the crlwatch project is to track which CRLs are known and
> accessible on the public internet, to download, cache, and to analyze
> the CRL content on a regular basis.
> 
> All the best,
> Jacob

-- 
Peter Eckersley                            pde at eff.org
Senior Staff Technologist         Tel  +1 415 436 9333 x131
Electronic Frontier Foundation    Fax  +1 415 436 9993



More information about the Observatory mailing list