[SSL Observatory] Passive certificate notarization by an IDS; divergent query protocols

Von Welch von at vwelch.com
Mon Mar 4 14:10:32 PST 2013


Zack,

> I was wondering if anyone has
> already written something that does this (ideally for Bro, but we could talk
> about other IDSes as well).

 A while back I started writing a Python-based proxy that could talk
to Perspectives and Convergence (I've since convinced myself it's
unlikely to be useful as a proxy, so the projects have mothballed
themselves as such projects do). Reverse engineering the Convergence
protocol took a little effort as I recall. The ICSI scheme didn't
exist then or I didn't know about it at the time.

 Anyway, here's my standalone Python Perspectives client that also
includes Convergence client support:
https://github.com/von/pyPerspectives

 And here's the proxy framework, which I doubt will be useful, but just in case:
https://github.com/von/PerProxy

Von


On Wed, Feb 27, 2013 at 4:35 PM, Zack Weinberg <zackw at cmu.edu> wrote:
> As part of a larger research project I'm thinking about the possibility of
> running notary queries on every certificate that an IDS sees go by. Before I
> sit down and pound out a bunch of code, I was wondering if anyone has
> already written something that does this (ideally for Bro, but we could talk
> about other IDSes as well).  I also noticed that Convergence, Perspectives,
> and the ICSI notary seem to implement three different query protocols (two
> HTTP-based, one DNS-based); this seems like an unfortunate divergence to me,
> and so I am also wondering if there is any plan to document and standardize
> how notaries are queried.
>
> Thanks,
> zw