It's certainly news to me, and presumably some others, that this exists.
If certificate transparency is new to you, I feel like there are significantly more interesting articles and conversations that could/should have been submitted instead of "A public log intended for consumption exists, and a company is consuming that log". This post would do literally nothing to enlighten you about CT logs.
If the fact that OpenAI is scraping certificate transparency logs is new and interesting to you, I'd love to know why it is interesting. Perhaps I'm missing something.
Way more interesting reads for people unfamiliar with what certificate transparency is, in my opinion, than this "OpenAI read my CT log" post:
https://googlechrome.github.io/CertificateTransparency/log_s...
if this is the article that introduces someone to the concept of certificate transparency, then there's nothing wrong with that. graciously, you followed through with links to what you consider more interesting. that is not something a lot of commenters do and just leave it as a snarky comment for someone being one of the lucky 10000 for the day.
(Which is why I hate it that it's so hard to test things locally without having to get a domain and a certificate. I don't want to buy domain names and announce them publicly for the sake of some random script that needs to offer a HTTP endpoint.)
Modern security is introducing a lot of unexpected couplings into software systems, including coupling to political, social and physical reality, which is surprising if you think in terms of programs you write, which most likely shouldn't have any such relationships.
My favorite example of such unexpected coupling, whose failures are still regularly experienced by users, is wall clock time. If your program touches anything related to certificates, even indirectly, suddenly it's coupled to actual real clock and your users better make sure their system time is in synch with the rest of the world, or else things will stop working.
Yes. What does it have to do with HTTPS?
> You hopefully also know that you can create your own certificate authority or self signed certificates and add them to your CA store.
Sorta, kinda. Does it actually work with third-party apps? Does it work with mobile systems? If not, then it's not a valid solution, because it doesn't allow me to run my stuff in my own networks without interfacing with the global Internet and social and political systems backing its cryptographic infrastructure.
Oh, I read this as indicating OpenAI may make a move into the security space.
That’s not the intended use for CT logs.
Certificate transparency logs are intended to be consumed by others. That is indeed what is happening. Not interesting.