SSLMate / ct-honeybee

Licence: CC0-1.0 license
Lightweight program that pollinates STHs between Certificate Transparency logs and auditors

The Certificate Transparency Honeybee (ct-honeybee) is a lightweight
program that retrieves signed tree heads (STHs) from Certificate
Transparency logs and uploads them to auditors.

You can help strengthen the integrity of the Certificate Transparency
ecosystem by running ct-honeybee on your workstation/server/toaster every
hour or so (pick a random minute so that not everyone runs ct-honeybee
at the same time).  Running ct-honeybee from many different Internet
vantage points increases the likelihood of detecting a misbehaving log
which has presented a different view of the log to different clients.


INSTALLATION

Python 3 is required.

Install ct-honeybee and put it in a cron job to run once an hour or so
(pick a random minute so that not everyone runs ct-honeybee at the
same time).

ct-honeybee is stateless and won't write to your filesystem.


LOGS

All logs trusted or pending inclusion by Chrome are audited by
ct-honeybee.  Currently the list is hard-coded in the source code.


AUDITORS

ct-honeybee uploads STHs to the following auditors:

	certspotter.com
	ct.grahamedgecombe.com

If you run an auditor that implements the sth-pollination endpoint
described in Section 8.2 of draft-ietf-trans-gossip-00, please get in
touch <[email protected]> and we will add you to ct-honeybee.


TECHNICAL OPERATION

1. For each log: fetch the latest STH and add it to the list of STHs.
   For simplicity, signatures are not checked; we leave this job to the
   auditors.

2. Shuffle the list of auditors.

3. For each auditor: upload the list of STHs to the auditor using the
   protocol described in Section 8.2 of draft-ietf-trans-gossip-00.
   Add each returned STH to the list of STHs so they get pollinated
   to subsequent auditors.  Since we shuffle the list of auditors,
   we will pollinate in a different order each time ct-honeybee is run.
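
The three steps above as an added example (not ct-honeybee's own code): auditors
are in-memory stubs instead of HTTP endpoints, and the "log_id" field and all
sample values are constructed assumptions. It goes one step beyond the README by
showing the same-size, different-root comparison that an auditor could run on the
pollinated STHs.

```python
import random

def sth_key(sth):
    # Identity of an STH for de-duplication. Field names follow RFC 6962 get-sth;
    # "log_id" is an assumed label for the originating log.
    return (sth["log_id"], sth["tree_size"], sth["timestamp"], sth["sha256_root_hash"])

class StubAuditor:
    """In-memory stand-in for an auditor's sth-pollination endpoint (no network)."""
    def __init__(self, name, known):
        self.name, self.pool = name, {sth_key(s): s for s in known}

    def pollinate(self, sths):
        reply = list(self.pool.values())        # STHs the auditor held before this upload
        self.pool.update((sth_key(s), s) for s in sths)
        return reply

def pollinate_all(fetched, auditors, rng=random):
    pool = {sth_key(s): s for s in fetched}     # step 1: STHs fetched from the logs
    order = list(auditors)
    rng.shuffle(order)                          # step 2: random auditor order
    for auditor in order:                       # step 3: upload, then merge the reply
        for s in auditor.pollinate(list(pool.values())):
            pool.setdefault(sth_key(s), s)
    return list(pool.values())

def split_view_candidates(sths):
    """Pairs claiming the same log and tree_size but different root hashes.
    Signatures are not verified here, so these are candidates only."""
    seen, hits = {}, []
    for s in sths:
        k = (s["log_id"], s["tree_size"])
        other = seen.setdefault(k, s)
        if other["sha256_root_hash"] != s["sha256_root_hash"]:
            hits.append((other, s))
    return hits

# Constructed sample data: hashes are placeholders, not real log output.
OURS = {"log_id": "log-A", "tree_size": 1000, "timestamp": 1500000000000,
        "sha256_root_hash": "ROOT_SEEN_BY_US"}
THEIRS = {"log_id": "log-A", "tree_size": 1000, "timestamp": 1500000000500,
          "sha256_root_hash": "ROOT_SEEN_ELSEWHERE"}

def demo(seed=0):
    auditors = [StubAuditor("auditor-1", [THEIRS]), StubAuditor("auditor-2", [])]
    pool = pollinate_all([OURS], auditors, random.Random(seed))
    return pool, auditors
```

Whether auditor-2 ends up holding both STHs depends on the shuffled order, which
is why a different order on each run spreads STHs further over time.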


LEGALESE

Written in 2017 by Opsmate, Inc. d/b/a SSLMate <[email protected]>

To the extent possible under law, the author(s) have dedicated all
copyright and related and neighboring rights to this software to the
public domain worldwide. This software is distributed without any
warranty.

You should have received a copy of the CC0 Public
Domain Dedication along with this software. If not, see
<http://creativecommons.org/publicdomain/zero/1.0/>.