badssl.com icon indicating copy to clipboard operation
badssl.com copied to clipboard
verified publisher icon chromium

Test sites for Expect CT?

Open estark37 opened this issue 9 years ago • 4 comments

Hey @lgarron, we wanted to set up a couple test sites for Expect CT. Do you think we could use badssl.com for this? For example, it would be awesome to have expect-ct-violation.badssl.com that is on the Expect-CT preload list, serves the Expect-CT: preload header, but doesn't serve any SCTs. And maybe even expect-ct.badssl.com that does serve SCTs. What do you think? cc @eranmes

estark37 avatar Apr 26 '16 18:04 estark37

badssl.com sounds great for this, especially since we'll probably want to test the developer UI based on these domains.

We also have preloaded-expect-ct.badssl.com and https://report.badssl.com/expect-ct at https://chromium.googlesource.com/chromium/src/+blame/master/net/http/transport_security_state_static.json#213

Do you have time to implement these yourself, or do you need someone else to do them? (Certs should be easy to get.)

lgarron avatar Apr 26 '16 18:04 lgarron

Cool. I think I can probably do it, though I imagine you'll need to be the one who gets the certs?

estark37 avatar Apr 27 '16 00:04 estark37

Yeah, getting certs should not be too hard. We'll have to make sure to get them from a CA who can embed them, or else run a patched version of nginx.

lgarron avatar Apr 27 '16 00:04 lgarron

This hasn't been implemented yet, has it?

FranklinYu avatar Dec 07 '18 19:12 FranklinYu