Maybe there is an option to stop the discussion and get some really hard data, not telemetry data that needs to be interpreted. Maybe someone here will “download” the full set of certificates from CT-pilot. There are 10.mio certificate.
This would be around 4gb base64 data.
- Then we can filter what certificates are valid
- For each FQDN only take the newest.
- Create to diagrams:
a) Number of Certificate x Lifetime in Weeks
b) Number of (News per Domains (according to public suffix list)) x Lifetime in Weeks
Then we have an representative list of demanded certificates.
Maybe it would be possible to share even the Database ?