API for searching the CT Logs?

Topper Bowers

Sep 12, 2017, 3:48:06 AM
to certificate-transparency
Hi!

Are there any APIs for searching the CT logs that allow for commercial use? I can't find any licensing on crt.sh. Google's search ( https://www.google.com/transparencyreport/https/ct/ ) seems to imply in the Terms that it's not allowed to be used by API.  Consensys seems to allow API access with attribution (which is great), but I'd like to have some redundancy.

I'd specifically like to use a 3rd party so that my service doesn't need to be trusted. My use case is having client-installed software (sometimes on mobile) search for inclusion (and no-erroneous entries) at startup (rather than continuously monitoring). How does the Firefox upgrade client plan to search the CT logs for its Merkle hash?

Thanks for any info!

Topper

Rob Stradling

Sep 21, 2017, 6:33:19 AM
to certificate-...@googlegroups.com, Topper Bowers
On 12/09/17 07:53, Topper Bowers wrote:
> Hi!
>
> Are there any APIs for searching the CT logs that allow for commercial
> use? I can't find any licensing on crt.sh.
<snip>

Hi Topper.

The only restrictions for https://crt.sh/ that I can think of are:
- we automatically terminate long-running queries.
- we reserve the right to block users that we deem to be abusing the
service (e.g., DoS attacks).
- we don't guarantee uptime (but we do our best).

The aim is simply to make the data on crt.sh freely available to
everyone, whilst recognizing that Comodo's capacity to serve that data
is not unlimited.

--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online

Shubham Agarwal

Nov 8, 2017, 9:12:52 AM
to certificate-transparency
Hey Rob, can you please explain why, for the same CA (Let's Encrypt), there are different numbers of fields available in the Certificate Transparency header on crt.sh?

Please refer to crt.sh ID - 218850046, 249746719 and 233465075. In Certificate Transparency, 4, 5 and 3 entries of log servers.

Rob Stradling

Nov 8, 2017, 9:17:48 AM
to certificate-...@googlegroups.com, Shubham Agarwal
Hi Shubham.

Any certificate can be submitted to any log that will accept it, so what
you have observed is not in any way surprising.

Indeed, Chrome's CT policy requires certificates to be submitted to
multiple logs.

On 08/11/17 13:15, Shubham Agarwal wrote:
> Hey Rob, can you please explain why, for the same CA (Let's Encrypt),
> there are different numbers of fields available in the Certificate
> Transparency header on crt.sh?
>
> Please refer to crt.sh ID - 218850046 <https://crt.sh/?id=218850046>,
> 249746719 <https://crt.sh/?id=249746719> and 233465075
> <https://crt.sh/?id=233465075>. In Certificate Transparency, 4, 5 and 3