Historical trends for certificate algorithms

[Jason Sachs]

I am looking for data to see how the mix of different certificate signing algorithms has varied over time. (RSA / EDCSA and key length)

I am trying to figure out how I could query some of the CT logs to parse this information, or at least a large statistical sample. Is there a reasonable way to do this? 

(I'm looking at crt.sh and it lets you query by a numerical ID, for example https://crt.sh/?id=12345678 , but the results are human readable rather than machine readable; if I could access a machine-readable version then I could just start querying a bunch of random IDs over time.)

Has someone already posted such a breakdown of certificates by algorithm and key length? 

[Philippe Boneff]

Hi Jason,

Cloudflare Radar renders some of that information. If you'd like to run your own analysis, you can find historical CT data on https://github.com/geomys/ct-archive/.

I hope it helps,
Philippe

--
You received this message because you are subscribed to the Google Groups "certificate-transparency" group.
To unsubscribe from this group and stop receiving emails from it, send an email to certificate-transp...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/certificate-transparency/0ce28202-9873-484f-aef2-37bf4f20bc94n%40googlegroups.com.

[Jason Sachs]

Thanks, I did find Cloudflare Radar already, but it only covers the last 12 months.

I think I might try to take statistical samples from crt.sh

[Jonas Meller]

Hi Jason,

crt.sh allows direct access to their database which might be helpful. See here for more information: https://groups.google.com/g/crtsh/c/sUmV0mBz8bQ/m/_MvHXuPeDAAJ

Best regards,

Jonas

To view this discussion visit https://groups.google.com/d/msgid/certificate-transparency/8b6fa980-bd78-4cd8-b85a-fe039de81849n%40googlegroups.com.