crlite
crlite copied to clipboard
mozilla
WebPKI-level Certificate Revocation via Multi-Level Bloom Filter Cascade
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.0.0-20191007182048-72f939374954 to 0.23.0. Commits See full diff in compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter...
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot] avatar"){kind=avatar}
I'm not sure what this project is, but the urls in here are very out of date https://github.com/mozilla/crlite/blob/main/go/certificate-transparency-go/submission/server/main.go#L35 https://github.com/mozilla/crlite/blob/main/setup/list_all_active_ct_logs#L3 https://www.gstatic.com/ct/log_list/log_list.json has not been available for months it is recommended you...
https://groups.google.com/a/ccadb.org/g/public/c/3FMFP0huxno/m/HMWF6NITBAAJ?pli=1
See https://bugzilla.mozilla.org/show_bug.cgi?id=1565282. The `subject` attribute isn't used and is just taking up space, so it can be removed. The `whitelist` attribute isn't used and uses problematic terminology, so it can...
There are a few urlsafe-base64 encoded values in the aggregator-produced `enrolled.json` file. We don't need to put any of these values in URLs, so we should use standard base64 everywhere.
xor filters
(originally filed at https://github.com/mozilla/rust-cascade/issues/18 when this repo hasn't yet been opened) It would be interesting to investigate usage of xor filters for crlite: https://lemire.me/blog/2019/12/19/xor-filters-faster-and-smaller-than-bloom-filters/ The authors claim they are both...
The moz_kinto_publisher script depends on a few external services, so it is difficult to test manually. On top of that, the dev environment doesn't have write access to a Kinto...
We should do a little work to make it easier to change the structure of remote settings collections in the future.
CT logs rate-limit our `get-entries` requests, and this limits how quickly we can "reboot" CRLite when we make a change that requires us to re-ingest CT log data. This issue...
Can CRLite also crawl non-public CRLs for CA's included in the trust list? When issuing a lot of certificates it's not attractive to publish / list a CRL into EE...
