Any good project I could contribute to?
58 views
Skip to first unread message
Quentin L
Mar 3, 2017, 10:20:36 AM3/3/17
to certificate-transparency
Hi,
I am a student interested in how certificates (X.509, CT, CRL/OCSP, ...) work by reading and writing some code about it. Mailing lists (mozilla.dev.security.policy, certificate-transparency and CABForum, mainly) give a good insight of how the "SSL/TLS certificates ecosystem" work, but it's always better with some practice.
I would know if you have any idea of projects in this domain I could contribute to, given that I'm not a professional (not a total newbie either) ?
Thank you,
Quentin
Rob Percival
Mar 3, 2017, 11:17:06 AM3/3/17
to certificate-transparency
Hi Quentin,
OpenSSL 1.1 has Certificate Transparency support, but I don't know of anything that is currently using it. An interesting project might be to pick some open source software that uses OpenSSL and set it up to do CT validation. You'd develop some familiarity with OpenSSL and certificate-handling code, and most likely be part of discussions to determine what CT policy that software should have (assuming things progress that far). In the longer term, I think the policy should be determined at the OS level (akin to how there's an OS package that provides the set of trusted root certificates), but I haven't gotten around to so much as tracking down the people I'd need to speak to about that. Anyway, all in all, lots of scope to run with it, but it could also be fairly self-contained if you just wanted to add CT support to some software and leave it at that.
I'm sure other people will have other project suggestions though. I'm a bit biased because I wrote that OpenSSL code (so feel free to send any questions about it my way).
Rob
Salz, Rich
Mar 3, 2017, 12:56:56 PM3/3/17
to certificate-...@googlegroups.com
> OpenSSL 1.1 has Certificate Transparency support
One self-contained project is to add a "-rmpoison" to the openssl CA command. See https://github.com/openssl/openssl/pull/843
Quentin L
Mar 4, 2017, 12:28:04 PM3/4/17
to certificate-transparency
Hey,
Thank you for your comments.
Modifying software that use OpenSSL to make them do CT validation should be interesting, thanks for the suggestion. I don't have any idea of software to work on right now but it should not be hard to find (I guess not many software have implemented it yet).
I'll also read parts of the OpenSSL code as it could help to understand implemented mechanisms.<
Thank you for your comments.
Modifying software that use OpenSSL to make them do CT validation should be interesting, thanks for the suggestion. I don't have any idea of software to work on right now but it should not be hard to find (I guess not many software have implemented it yet).
I'll also read parts of the OpenSSL code as it could help to understand implemented mechanisms.<
Regards,
Quentin
Quentin
Reply all
Reply to author
Forward
0 new messages