[cryptography] Announcing the ICSI Certificate Notary

Matthias Vallentin vallentin at icir.org
Fri Nov 2 19:37:59 EDT 2012

We are happy to announce the ICSI Certificate Notary today. This service
provides near real-time reputation information on a large number of
TLS/SSL certificates seen in the wild, collected continuously from a set
of partner network sites. The notary's data includes the time when a
certificate was first and last seen, and whether we can establish a
valid chain to a root certificate from the Mozilla root store. Over the
course of this year, we built a certificate database that now comprises
roughly half a million unique web certificates from over 7.6 billion
connections, representing the activity of estimated 220,000 users.

You can use the service by sending a DNS request for an A or TXT record


The token <sha1> represents the SHA1 digest of the certificate to query, which
you may find when consulting your browser for details about a certificate. For
further details, usage instructions, and background reading, please visit the
notary website at:


We much appreciate your feedback at this early stage, both positive
works-for-me notices as well as problems and suggestions for


More information about the cryptography mailing list