Nightwatch Cybersecurity Research
I am asking IETF members about this
IETF consensus seems to point to RFC 3339; I updated the GitHub version of the draft to reflect that.
See: https://www.rfc-editor.org/rfc/rfc9116.html#name-expires

> The "Expires" field indicates the date and time after which the data contained in the "security.txt" file is considered stale and should not be used (as per...

As per the RFC, any valid URI can be used in the contact field: https://www.rfc-editor.org/rfc/rfc9116.html#name-contact

> The value MUST follow the URI syntax described in [Section 3](https://www.rfc-editor.org/rfc/rfc3986#section-3) of [[RFC3986](https://www.rfc-editor.org/rfc/rfc9116.html#RFC3986)].

Looks...

This could be escaped as "\\_". The fix would be here: https://github.com/upptime/uptime-monitor/blob/master/src/helpers/notifme.ts#L232

```
await axios.post(
  `https://api.telegram.org/bot${getSecret("NOTIFICATION_TELEGRAM_BOT_KEY")}/sendMessage`,
  {
    parse_mode: "Markdown",
    disable_web_page_preview: true,
    chat_id: getSecret("NOTIFICATION_TELEGRAM_CHAT_ID"),
    text: message,
  }
);
```

By adding...
Pull request here: https://github.com/upptime/uptime-monitor/pull/155
Regarding the x5c material itself - it seems at the minimum, it would be nice to provide a feature to validate the certificate against the CAs known by the JVM
If I understand correctly, this is referring to a public SSH key which you want reporters to use when submitting reports with this protocol: https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.sshsig

The problem is that reporters...
That just proves my point :) Without knowing that format of age keys, how is a reporter supposed to know how to use them? We can't assume every reporter knows...
> That defeats the purpose of signing security.txt and the RFC is only useful to the extent that it makes sense. The main use of the standard is to provide...