I'm currently grabbing certs from Censys's BigQuery extracts and submitting them to the Argon logs (and Daedalus/Rocketeer for certs that fall before/after Argon's not-after range).
There's a fair bit of latency in the process; I'm only running this script weekly (it costs about $4 a pop in BigQuery usage alone) and Censys only updates BigQuery every couple days. But there are only a handful of certs in the Censys corpus as of a couple weeks ago that are not also in CT. [1] I've talked with Censys about them doing this directly, and my impression was that it's something they're in support of but not something they have the bandwidth to do themselves right now. Alex [1] https://censys.io/certificates?q=metadata.added_at%3A%5B*+TO+2018-03-15%5D+and+not+tags.raw%3Act+and+validation.google_ct_primary.valid%3A+true On Sat, Mar 31, 2018 at 7:41 PM, Tim Smith via dev-security-policy <[email protected]> wrote: > On Sat, Mar 31, 2018 at 3:26 PM, Kurt Roeckx <[email protected]> wrote: >> Have you done the for their other scans? > > I haven't. The Rapid7 HTTPS corpus is much larger; I'm not sure my > approach will scale that far and I imagine the new discovery rate will > be lower. > > Censys has been interested in submitting new certificates to CT in the > past [1]; I wonder if they've resumed. > > Tim > > [1] > https://groups.google.com/a/censys.io/d/msg/discussion/nrbN70xegEs/dmbunh7jAgAJ > _______________________________________________ > dev-security-policy mailing list > [email protected] > https://lists.mozilla.org/listinfo/dev-security-policy _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
