[SSL Observatory] Passive certificate notarization by an IDS; divergent query protocols
Zack Weinberg
zackw at cmu.edu
Wed Feb 27 13:35:15 PST 2013
As part of a larger research project I'm thinking about the possibility
of running notary queries on every certificate that an IDS sees go by.
Before I sit down and pound out a bunch of code, I was wondering if
anyone has already written something that does this (ideally for Bro,
but we could talk about other IDSes as well). I also noticed that
Convergence, Perspectives, and the ICSI notary seem to implement three
different query protocols (two HTTP-based, one DNS-based); this seems
like an unfortunate divergence to me, and so I am also wondering if
there is any plan to document and standardize how notaries are queried.
Thanks,
zw
More information about the Observatory
mailing list