If you outsource a sub-domain to a third party operator, you shouldn't monitor the sub-domain with #CertificateTransparency because you can't tell if a cert is legit or not.
Cert Spotter now lets you exempt these sub-domains from monitoring: https://sslmate.com/blog/post/exclude_subdomains_in_certspotter …
Thanks! Not sure how someone would follow your recommendation, though. Given a certificate, how can you assess whether your operator is being responsible or not?
For example, you’ll want to know if a cert for a site like …http://insert-racist-troll-here.support.example.com gets requested by the outsourced customer support site operator.
A brand security / brand integrity matter.
Another case could be wildcards within the delegated namespace, contrary to the standards agreed by the domain holder and the party the subdomain is delegated to.
Off the top of my head, notifications could reverse, e.g. "no certificate has been found for the delegated subdomain". Expiration warnings could still be useful as well, if close enough to expiry to not cause erroneous false alarms.
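
The checks suggested in this thread (unexpected names and wildcards inside the delegated namespace, a reversed "no certificate found" alert, and a near-expiry warning), as an added Python example that is not part of the original tweets and not Cert Spotter's code. The policy fields, hostnames and certificate records are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed reference time
# Constructed policy agreed with the operator (hypothetical field names).
POLICY = {
    "delegated": "support.example.com",
    "allowed_names": {"support.example.com", "help.support.example.com"},
    "allow_wildcards": False,
    "expiry_warning": timedelta(days=14),
}
# Constructed records standing in for certificates seen in CT logs.
SAMPLE_CERTS = [
    {"dns_names": ["support.example.com"], "not_after": NOW + timedelta(days=10)},
    {"dns_names": ["*.support.example.com"], "not_after": NOW + timedelta(days=60)},
    {"dns_names": ["promo.support.example.com", "support.example.com"],
     "not_after": NOW - timedelta(days=1)},
    {"dns_names": ["www.example.com"], "not_after": NOW + timedelta(days=90)},
]

def in_namespace(name, delegated):
    """True if name is the delegated host or anything beneath it."""
    return name == delegated or name.endswith("." + delegated)

def review(certs, policy, now):
    """Return sorted (kind, name) findings for the delegated namespace."""
    delegated, allowed = policy["delegated"], policy["allowed_names"]
    findings, valid_until = set(), []
    for cert in certs:
        names = [n.lower().rstrip(".") for n in cert["dns_names"]]
        scoped = [n for n in names if in_namespace(n, delegated)]
        for name in scoped:
            if name.startswith("*."):
                if not policy["allow_wildcards"]:
                    findings.add(("wildcard", name))
            elif name not in allowed:
                findings.add(("unexpected-name", name))
        # Only unexpired certs for agreed names count as coverage.
        if cert["not_after"] > now and any(n in allowed for n in scoped):
            valid_until.append(cert["not_after"])
    if not valid_until:  # the "reversed" alert: nothing covers the subdomain
        findings.add(("no-valid-certificate", delegated))
    elif max(valid_until) - now <= policy["expiry_warning"]:
        findings.add(("expiring-soon", delegated))
    return sorted(findings)

if __name__ == "__main__":
    for kind, name in review(SAMPLE_CERTS, POLICY, NOW):
        print(f"{kind}: {name}")
```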