Remove BygoneSSL documentation from the README
This feature will likely be removed in the future. This feature can help you identify certificates that are issued before you take ownership of a domain, helping you identify certificates that are definitely not yours. However, in practice this doesn't have very much utility: 1. Such certificates are probably already in CT when you start monitoring, requiring you to download ALL certificates (by omitting -start_at_end) to find them, which is not very practical. 2. It doesn't detect certificates that are issued based on reused domain validations that were completed before you took ownership of the domain.
This commit is contained in:
Andrew Ayer
parent
34f5c857b6
commit
76d30c2033
11
README
11
README
|
|
@ -149,14 +149,3 @@ Cert Spotter is not just a log monitor, but also a log auditor which
|
|||
checks that the log is obeying its append-only property. A future
|
||||
release of Cert Spotter will support gossiping with other log monitors
|
||||
to ensure the log is presenting a single view.
|
||||
|
||||
|
||||
BygoneSSL
|
||||
|
||||
Cert Spotter can also notify users of bygone SSL certificates, which are SSL
|
||||
certificates that outlived their prior domain owner's registration into the
|
||||
next owners registration. To detect these certificates add a valid_at
|
||||
argument to each domain in the watchlist followed by the date the domain was
|
||||
registered in the following format YYYY-MM-DD. For example:
|
||||
example.com valid_at:2014-05-02
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue