Heads up

[David Champion]

Hello,

I am new to the group, and have been collaborating with Hanno Bock (with whom you have had previous correspondence in this group) for the past several weeks. Hanno developed a tool to detect cryptographic vulnerabilities in public keys. Hanno tests all new certs logged to CT for these vulnerabilities, which he fetches from crt.sh using your killer PSQL interface. He runs this process daily, fetching only certs logged since the previous run. Occasionally, the tool identifies a vulnerable key, that was nevertheless signed by a CA, whereupon Hanno notifies the CA.

I have proposed taking over this task from Hanno, but wish to run it in parallel with his for an indeterminate period of time. This will effectively double the traffic you see currently from Hanno (note the query grabs only PEM-encoded certs and their crt.sh IDs).

I know your rate-limit policy does not technically forbid this, but I wanted to give you a heads up all the same. If you have any concerns, please do not hesitate to let me know.

Thanks.

[r...@sectigo.com]

Hi David.  Thanks for the heads up.  This shouldn't be a problem.