On 04/10/16 07:10, Gervase Markham wrote: <snip> >> [4] https://crt.sh/?cablint=1+week > > This URL is a 404.
Sorry, crt.sh is a bit under the weather right now. Someone submitted a batch of several million certs to the Google CT logs, and this has rather overwhelmed the replication between crt.sh's master DB and slave DBs. The slaves are still catching up at the moment. crt.sh queries are occasionally killed off due to some DB replication issues that I don't yet fully understand. Unfortunately, the current backlog has exacerbated this problem, hence the high number of 404s. crt.sh should be fighting fit again soon though. :-) > Are you simply saying that cablint alerted you to the error? Yes. > Does Comodo run cablint over all certificates post-issuance (or pre-issuance)? Neither. I'd like to run cablint over all certs pre-issuance, but unfortunately it's not practical to do this yet because 1) cablint is too slow and 2) there are some differences of opinion that have been discussed at CABForum but not yet resolved. -- Rob Stradling Senior Research & Development Scientist COMODO - Creating Trust Online _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy