Let users request on-demand scans of a website #20

Open
daveschaefer opened this issue Jul 29, 2013 · 1 comment
@daveschaefer
Collaborator

When a website legitimately updates its certificate it normally has to wait for the notary's scheduled scanning process to run before information is updated. This is not ideal as it can take a long time for the updated cert information to propagate, and users will see a scary red 'X' for the site.

Add an optional feature that allows any visitor to submit the name of a site to be scanned on demand. The notary will then attempt to scan the site just as it normally would, using the same settings, and update its database with the new certificate information. Legitimate site owners or good samaritans could then notify notaries that a certificate has changed.

It is important that the notary itself do the scanning and that the only input allowed by the user is the name of the site. Also, scans should be rate-limited, perhaps by IP address, by target site, and by total requests in 24 hours, so that the notary cannot be overwhelmed.

@danwent
Owner

danwent commented Sep 15, 2013

Yeah, I think we could have a simple rule like we will do at most one
on-demand probe per service_id per day per notary server. If this is to
handle a legitimate one-time key change, such things should be very
infrequent, such events should be very rare.

Dan

On Sun, Jul 28, 2013 at 9:00 PM, Dave notifications@github.com wrote:

When a website legitimately updates its certificate it normally has to
wait for the notary's scheduled scanning process to run before information
is updated. This is not ideal as it can take a long time for the updated
cert information to propagate, and users will see a scary red 'X' for the
site.

Add an optional feature that allows any visitor to submit the name of a
site to be scanned on demand. The notary will then attempt to scan the site
just as it normally would, using the same settings, and update its database
with the new certificate information. Legitimate site owners or good
samaritans could then notify notaries that a certificate has changed.

It is important that the notary itself do the scanning and that the only
input allowed by the user is the name of the site. Also, scans should be
rate-limited, perhaps by IP address, by target site, and by total requests
in 24 hours, so that the notary cannot be overwhelmed.



Dan Wendlandt
650-906-2650
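
An added example, not code from this issue or from the project: a Python gate that accepts only a site name from the visitor and applies the limits discussed in the thread (one probe per service_id per day, plus per-IP and total daily caps). The names `normalize_site` and `OnDemandScanGate`, the limit values, and the `host:443` service_id format are assumptions made for illustration.

```python
import re
import time

DAY = 24 * 60 * 60
# Hypothetical limits: the issue names these dimensions but gives no values,
# apart from "at most one on-demand probe per service_id per day".
MAX_PER_IP_PER_DAY = 5
MAX_TOTAL_PER_DAY = 1000
# Dot-separated letter/digit/hyphen labels only: no scheme, port or path.
_LABEL = r"(?!-)[a-z0-9-]{1,63}(?<!-)"
_HOSTNAME = re.compile(_LABEL + r"(\." + _LABEL + r")+")

def normalize_site(name):
    """Return the lowercased hostname, or None if the input is anything else."""
    if not isinstance(name, str):
        return None
    host = name.strip().rstrip(".").lower()
    if len(host) > 253 or not _HOSTNAME.fullmatch(host):
        return None
    if host.split(".")[-1].isdigit():     # IPv4 literal, not a site name
        return None
    return host

class OnDemandScanGate:
    """Decides whether a visitor's scan request may be queued for the scanner."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.last_probe = {}              # service_id -> time of last probe
        self.by_ip = {}                   # client IP -> accepted request times
        self.accepted = []                # all accepted request times

    def request(self, client_ip, site_name):
        now = self.clock()
        host = normalize_site(site_name)
        if host is None:
            return (False, "invalid site name")
        service_id = host + ":443"        # assumed service_id format
        last = self.last_probe.get(service_id)
        if last is not None and now - last < DAY:
            return (False, "service already probed today")
        mine = [t for t in self.by_ip.get(client_ip, []) if now - t < DAY]
        self.accepted = [t for t in self.accepted if now - t < DAY]
        if len(mine) >= MAX_PER_IP_PER_DAY:
            return (False, "per-IP limit reached")
        if len(self.accepted) >= MAX_TOTAL_PER_DAY:
            return (False, "notary daily limit reached")
        self.last_probe[service_id] = now
        self.by_ip[client_ip] = mine + [now]
        self.accepted.append(now)
        return (True, service_id)
```

Rejected requests are not counted against any limit, so malformed input cannot use up a site's single daily probe.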
