mholt 2 days ago

I don't know much about CT requirements, but can't they prune data out of their logs after some time? Since the certs only last 6 days, the growth of the logs can be capped at some point, right? If not now, provisions for such operations could surely be implemented, I imagine.

PS. Neat site!

  • Eikon 2 days ago

    > I don't know much about CT requirements, but can't they prune data out of their logs after some time? Since the certs only last 6 days, the growth of the logs can be capped at some point, right?

    That's what happens - logs are "expired" after a few years. But if you want to have an exhaustive monitor, you probably don't want to discard the records of expired certificates.

    > PS. Neat site!

    Thank you!

o11c 2 days ago

Hmm, I wonder if it's possible to do dedicated intermediate certificates that promise to only sign short-lived certificates for a single site? That way the CT-log could be taught to only keep the intermediate?

sebmellen 2 days ago

What a cool site. For a long time I've been looking for something exactly like this for discovery purposes.