Jacob Hoffman-Andrews
For each challenge in our database that gets validated, we store a ValidationRecord. This isn't for audit purposes (we have logs for that), but to help clients debug beyond what's...
In https://github.com/letsencrypt/boulder/pull/6008 we're adding some logging to track how often TLS 1.0 / 1.1 are used during validation. Once we've fully removed support, we should remove that code.
In WFE2, request logs (path, IP, user-agent, etc.) are logged at Info level. In ocsp-responder they are logged at Debug level. We should change ocsp-responder to log those at Info...
It would be useful to know how many rps per core an ocsp-responder can serve, if it's not limited by its datastore performance. To do that, I propose to stand...
We should have a way to absorb the list of items we should have responses for, but don't.
This should be in addition to the approach where we find work by scanning the DB. The goal should be that we find most of our work by scanning ROCSP,...
We should monitor the current length of the queue in addition to the entry/exit rate.
When you create a new order, Boulder first checks the authz2 table to see if there are any pending or valid authzs for the names you asked for, so it...
Right now cert-checker uses this query to find work:
```
"WHERE id > :id AND issued >= :issued AND expires >= :now ORDER BY id LIMIT :limit"
```
We know...
DigiCert listed a set of checks their ceremony tool performs: https://bugzilla.mozilla.org/show_bug.cgi?id=1654967#c1. We should review our own ceremony tool and ensure it performs similar checks, where appropriate.