
Is Certificate Transparency usable - DyslexicAtheist
https://www.youtube.com/watch?v=e_rwG7MA5VU
======
DyslexicAtheist
Awesome talk on practical uses of Certificate Transparency by Emily Stark

An interesting tool in context to this to audit CT trails is "certgraph":
[https://github.com/lanrat/certgraph](https://github.com/lanrat/certgraph)

Certgraph allowed me to retire my hacky .bashrc function (below) which was
kind of a poor man's substitute using openssl client to look up and print the
cert-chain:

    
    
      # Display PKI chain-of-trust for a given domain:
      function certchain() {
          if [[ "$#" -ne 1 ]]; then
               echo "Usage: ${FUNCNAME} <ip|domain[:port]>"
               return 1
          fi
    
          local host_port="$1"
    
          if [[ "$1" != *:* ]]; then
              local host_port="${1}:443"
          fi
    
          openssl s_client -connect "${host_port}" </dev/null 2>/dev/null | grep -E '\ (s|i):'
      }
    
    

Until CT all I had was a hammer and all problems were nails, so I'm glad for
CT to take off in this massive way.

