Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Rearchitecture X509 logging. #859

Open
0xxon opened this issue Mar 12, 2020 · 0 comments
Open

Rearchitecture X509 logging. #859

0xxon opened this issue Mar 12, 2020 · 0 comments

Comments

@0xxon
Copy link
Member

@0xxon 0xxon commented Mar 12, 2020

@JustinAzoff pointed out in #744 that we should skip logging duplicate certificates, and just refer to them by hash.

This can probably be achieved similarly to how logging works in https://github.com/0xxon/zeek-tls-log-alternative-parser.

We could also choose to completely suppress duplicate X509 events. I am a bit more hesitant about that, since it might break the assumption of user scripts. (There is a chance that it might save significant amount of processing in some networks though).

@0xxon 0xxon added this to the 3.2.0 milestone Mar 12, 2020
@0xxon 0xxon self-assigned this Mar 12, 2020
@0xxon 0xxon added this to Unassigned / Todo in Release 3.2.0 via automation Mar 12, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
Release 3.2.0
  
Unassigned / Todo
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
1 participant
You can’t perform that action at this time.