Comments (4)
I'd suggest make this more a separate notary. I'm basically working on doing the same at the moment using SSL Observatories database as the certificates it's verifying against.
As for the actual timestamps, I think they might be used for caching purposes, but I'd have to go through the code to check.
from convergence.
The client doesn't currently do anything with timestamps, eventually I'd like to be able to use them to display visual certificate histories for sites, as well as warn when a certificate is fresh or has just changed.
@cless, I think @ewanm89 might be on the right track here. What might make sense is a notary backend that implements "certificate pinning," as Chrome does for Google properties in-browser. In this case, the pinning is usually done based on the actual public key in the cert, rather than the cert fingerprint itself.
from convergence.
Alright, I personally think it would be useful to have one implementation that has several backend modes so notary admins only have to keep track of one backend and its new features.
Another reason I think it's useful is because your notary will always need fallback methods. One operator couldn't pin every certificate in use today. New servers that aren't in the SSL observatory can't be verified that way either. Self signed certificates can't be verified by a CA notary.
Does the protocol have a reply that means the notary can't handle that particular request?
from convergence.
@cless Yes, a notary can respond with 303 to explicitly indicate that its vote should be withdrawn from the consensus, which is different from it voting negative in the consensus, being unreachable, or otherwise encountering an error.
from convergence.
Related Issues (20)
- Yahoo mail domain fails cert UCC match HOT 1
- Make Convergence standalone HOT 2
- Make Convergence standalone HOT 1
- Make Convergence standalone HOT 2
- No Longer Works with Firefox 18.0 new beta update HOT 4
- Notary Source missing HOT 2
- certificate verification is sucesseful, but firefox dont accept certificate HOT 1
- 404
- Changing to non standart ports HOT 1
- Convergence Addon Breaking in Firefox 18 HOT 2
- Adding notary from URL doesn't work HOT 4
- SSL slows to a crawl HOT 3
- Convergence doesn't work on Firefox Aurora 22 HOT 1
- recentbadcerts undefined (Firefox 22.0) HOT 2
- Connectivity failure - notaries overloaded? HOT 4
- Unable to add notaries HOT 14
- Automated reporting of new notaries HOT 1
- Is this project dead? HOT 6
- You need to sign the extension for it to install in Firefox HOT 2
- convergence.io is pointing to a different project HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from convergence.