servercert | pykka
---|---
10 | 1
165 | 1,230
3.0% | -
6.3 | 7.8
1 day ago | 24 days ago
CSS | Python
- | Apache License 2.0
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
servercert
- SSL certificate lifetimes are going down. Dates proposed. 45 days by 2027
- CA/Browser Forum SC-081: Introduce Schedule of Reducing Validity Periods
- WebPKI – Introduce Schedule of Reducing Validity (Of TLS Server Certificates)
- We Spent $20 to Achieve RCE and Accidentally Became the Admins of .MOBI
The current CAB Forum Baseline Requirements call for "Multi-Perspective Issuance Corroboration" [1] i.e. make sure the DNS or HTTP challenge looks the same from several different data centres in different countries.
[1] https://github.com/cabforum/servercert/blob/main/docs/BR.md#...
- DigiCert Revocation Incident (Cname Domain Validation)
There's no prohibition against issuing certificates for names on the Public Suffix List.
BR 3.2.2.6 prohibits issuing a wildcard certificate for an entire public suffix unless the "Applicant proves its rightful control of the entire Domain Namespace" (without specifying how this should be done - arguably, publishing a DNS record would qualify) but also says that CAs should use the "ICANN DOMAINS" section of the PSL only, not the "PRIVATE DOMAINS" section, so domains for dynamic DNS providers and the like wouldn't be included in any case. [https://github.com/cabforum/servercert/blob/main/docs/BR.md#...]
- All I Know About Certificates – Certificate Authority
That's because some people came along and produced a parallel standard [1] adding loads more rules, clarifications and constraints to convert X509 into something approximately fit for purpose.
[1] https://github.com/cabforum/servercert
- Does my site need HTTPS?
This is permitted: https://github.com/cabforum/servercert/blob/main/docs/BR.md#...
But it hasn't really caught on; a lot of registrars don't seem to want the complexity of being (or integrating with) a CA, and vice versa.
- Let's Encrypt: Issue with TLS-ALPN-01 Validation Method
It is unfortunate. It's required: https://github.com/cabforum/servercert/blob/main/docs/BR.md#...
- MarkMonitor left 60k domains for the taking
No, they don't have to MitM the CA's domain validation request. While they have brief control over the website, they use domain validation method 3.2.2.4.18 (Agreed-Upon Change to Website v2)[1] or 3.2.2.4.19 (Agreed-Upon Change to Website - ACME)[2] to legitimately complete domain validation by making a change to the website.
[1] https://github.com/cabforum/servercert/blob/cda0f92ee70121fd...
- A safer default for navigation: HTTPS
pykka
- We Spent $20 to Achieve RCE and Accidentally Became the Admins of .MOBI
A friend of mine recently let the domain used for documentation of Pykka, a Python actor library, expire. Some of course registered the domain, resurrected the content and injected ads/spam/SEO junk.
Since the documentation is Apache License 2.0 there isn't much one can do, other than complain to the hosting about misuse of the project name/branding. But so far we haven't heard back from the hosting provider's abuse contact point (https://github.com/jodal/pykka/issues/216 if anyone is interested).
What are some alternatives?
cert-gen - Generate CA and self-signed SSL certificates usable in your browser for local development.
agency - A fast and minimal framework for building agent-integrated systems
acme-dns - Limited DNS server with RESTful HTTP API to handle ACME DNS challenges easily and securely.
jockey - 🏇 Generic Python library for running asynchronous workers. Useful for building event handlers, web frameworks, and alike.
devcert-cli - A CLI wrapper for devcert, to manage development SSL/TLS certificates and domains
duckduckgo-locales - Translation files for https://duckduckgo.com
devcert - Local HTTPS development made easy
django-concurrency - Optimistic lock implementation for Django. Prevents users from doing concurrent editing.
gitlab
x509-limbo - A suite of testvectors for X.509 certificate path validation and tools for building them
list - The Public Suffix List