
Comments (11)

0xdiba commented on July 29, 2024

I'm wondering about how we should change the schema to support that.

An idea would be to update the validationInfo struct with a Valid and an Invalid array of strings where we can store the domains according to the validation process.
Following that I don't know how we can save the errors about domains with invalid certificates in a Kibana friendly way...

from tls-observatory.

jvehent commented on July 29, 2024

Another approach would be to limit the json of a certificate to one certificate for one domain. This way, a SAN certificate with 50 domains would be stored 50 times, and the validation info would be specific to the domain being stored.
It would make querying in Kibana a lot easier than storing the validation in an array.


0xdiba commented on July 29, 2024

That would be a good approach. How do you propose we change the IDs of the certificates to match that? In ES you can save only one document to each ID so the IDs must be a little different.
Should we append the domain name to the ID? I think this would make searching the domains for a single cert really easy.

Any other idea welcome :)


jvehent commented on July 29, 2024

I agree with appending the domain to the idea. Does ES have a max length for the ID?


0xdiba commented on July 29, 2024

No, it doesn't have any limit.
Some people mention that very long ids may slow ES down but I do not
think that our ids are going to be so long.
On 12 Feb 2015 17:07, "Julien Vehent" [email protected] wrote:

I agree with appending the domain to the idea. Does ES have a max length
for the ID?




0xdiba commented on July 29, 2024

Should I change the id format for all the SAN certificates or append the domain only to the certificates that appear more than once?


jvehent commented on July 29, 2024

I think it's more than just changing the ID. If we go with this format, a cert record should have only one domain entry, thus replacing Domains []string with Domain string.
The IPs []string behaviour should also be changed to only contain IPs where Domain was seen.
Thus it would make sense to change the ID format for everyone.


0xdiba commented on July 29, 2024

Of course. That is the implementation I went with; I just asked to be sure.
I'm testing the code right now and I'm going to push in a while.


0xdiba commented on July 29, 2024

10a2893


jvehent commented on July 29, 2024

Before I push to prod, could you update the index schema as well?
https://github.com/mozilla/TLS-Observer/blob/master/certificates_schema.json


0xdiba commented on July 29, 2024

Done.

The only problem we have with the schema is how to store the validation info fields that are built dynamically (with the name of every truststore).

from tls-observatory.
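
The one-record-per-domain layout discussed in this thread, as an added Go example that is not the project's code and not written by either participant. The `DomainRecord` type, the `Flatten` and `SampleCert` helpers and the `<sha256>-<domain>` ID format are assumptions, and validation is reduced to a hostname match against a constructed self-signed certificate.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
	"math/big"
)

type DomainRecord struct { // hypothetical per-domain document, not the project's schema
	ID, Domain, Error string // assumed ID format: <sha256 of DER>-<domain>
	Valid             bool
}

// Flatten emits one record per scanned domain; only the hostname match is checked.
func Flatten(cert *x509.Certificate, scanned []string) (recs []DomainRecord) {
	for _, d := range scanned {
		err := cert.VerifyHostname(d)
		r := DomainRecord{ID: fmt.Sprintf("%x-%s", sha256.Sum256(cert.Raw), d), Domain: d, Valid: err == nil}
		if err != nil {
			r.Error = err.Error() // flat string field, easy to filter on
		}
		recs = append(recs, r)
	}
	return recs
}

// SampleCert returns a constructed, self-signed SAN certificate for the demo.
func SampleCert() (*x509.Certificate, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"example.test", "*.api.example.test"}}
	der, err := x509.CreateCertificate(rand.Reader, tpl, tpl, pub, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	cert, err := SampleCert()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", Flatten(cert, []string{"example.test", "v1.api.example.test", "other.test"}))
}
```

Each record carries a single boolean and a single error string, so a domain that does not match the certificate can be filtered directly instead of being searched for inside an array.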
