Remove BygoneSSL documentation from the README

This feature will likely be removed in the future.

This feature can help you identify certificates that are
issued before you take ownership of a domain, helping you identify
certificates that are definitely not yours.

However, in practice this doesn't have very much utility:

1. Such certificates are probably already in CT when you start monitoring,
requiring you to download ALL certificates (by omitting -start_at_end)
to find them, which is not very practical.

2. It doesn't detect certificates that are issued based on reused domain
validations that were completed before you took ownership of the domain.
Andrew Ayer 2023-01-15 17:09:33 -05:00
parent 34f5c857b6
commit 76d30c2033
1 changed files with 0 additions and 11 deletions

README

@ -149,14 +149,3 @@ Cert Spotter is not just a log monitor, but also a log auditor which
checks that the log is obeying its append-only property. A future checks that the log is obeying its append-only property. A future
release of Cert Spotter will support gossiping with other log monitors release of Cert Spotter will support gossiping with other log monitors
to ensure the log is presenting a single view. to ensure the log is presenting a single view.
BygoneSSL
Cert Spotter can also notify users of bygone SSL certificates, which are SSL
certificates that outlived their prior domain owner's registration into the
next owners registration. To detect these certificates add a valid_at
argument to each domain in the watchlist followed by the date the domain was
registered in the following format YYYY-MM-DD. For example:
example.com valid_at:2014-05-02
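Review bot: The removed BygoneSSL section at the end of this hunk was the only place in the README that described the `valid_at` watchlist argument and its YYYY-MM-DD format, and the commit touches only the README, so the option stays in the tool but becomes undocumented. Since the commit message says the feature "will likely be removed in the future", consider leaving a short deprecation note in place of the section rather than deleting it outright, so users whose watchlists already contain entries like `example.com valid_at:2014-05-02` know the argument is on its way out. The two limitations given in the commit message (the certificates are usually already in CT unless `-start_at_end` is omitted, and certificates issued from reused domain validations are not detected) would be useful in that note, because they tell operators not to rely on this check as evidence that no pre-ownership certificate exists.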