On Mon, Apr 15, 2024 at 7:15 AM Andrew Ayer <[email protected]> wrote:
> Are the challenges with acquiring a full list of affected certificates
> applicable only to expired certificates, or also unexpired certificates?

Only to expired certificates. Let's Encrypt did provide the full data on all unexpired certificates in that incident report. All statements in my email above were with regards to going *further* than that to additionally provide data on certificates that were already untrusted in the WebPKI due to expiration.

> What makes your database for expired certificates less easily-queryable?

We do not maintain a database of expired certificates. As I said, Let's Encrypt prunes data regarding long-since-expired certificates from the database to prevent it from growing without bound. Audit log data is of course retained for the period required by the BRs, but searching text logs stored on magnetic tape is much harder than querying structured databases.

> Does it require additional staff time to query, or is it just a matter
> of waiting for a query to complete?

Both. Writing, debugging, testing, and validating the scripts which perform custom searches across text data takes longer than writing database queries, and then executing those scripts against terabytes of logs takes longer than running database queries.

> How much longer would incident response and remediation take if you had
> to query your last 2 years of expired and unexpired certificates, as
> opposed to only unexpired certificates?

Based on our more recent incident, which did require going to tape to query logs covering the last ~2 years, I estimate that it would have added a week to the investigation.

Thanks,
Aaron
