alt Hacker NewsWith that said, given that (1) pre-certificates in the log are big and (2) lifetimes are shortening and so there will be a lot of duplicates, it seems like it would be good for someone to make a feed that was just new domain names.
Replies
827a • yesterday at 3:54 PM
These exist for apex domains; the real use-case is subdomains.
➕ show 1 reply
Eikon • yesterday at 4:29 PM
Merklemap offers that: https://www.merklemap.com/documentation/live-tail
There's an extension to static-ct-api, currently implemented by Sunlight logs, that provides a feed of just SANs and CNs: https://github.com/FiloSottile/sunlight/blob/main/names-tile...
For example:
(It doesn't deduplicate if the same domain name appears in multiple certificates, but it's still a substantial reduction in bandwidth compared to serving the entire (pre)certificate.)