[Oisf-devel] [Discussion] [Emerging-Sigs] OISF Brainstorming Session Summary / Phase Three Draft Dev Roadmap

Victor Julien victor at inliniac.net
Mon Sep 26 18:35:55 UTC 2011


On 09/26/2011 08:31 PM, Martin Holste wrote:
>> Our code is BSD licensed at least so it can be reused.  For the tasks that I imagine you'd want to be doing with Suricata, I wouldn't expect the processing to be that intense actually.
> 
> Well, when I put Bro on just port 443, it still has to work pretty
> hard, which is why I believe that asking Suricata to walk the cert
> chain would add a considerable load.  Now, I'll certainly admit that's
> far from scientific reasoning, but my other point stands: if I already
> have a tool available which will alert on invalid certs, why do I need
> another one, especially when that would come with the opportunity cost
> of not implementing some currently unimplemented feature.  Sure, there
> are a few cool things you can do in Suricata with that, but I'd wager
> that we're already getting 80% of the use from the simple pattern
> matching sigs we have out there for the "Internet Widgits" and
> "SnakeOil" fake SSL certificates.  So, I'm not against putting SSL
> features into Suricata, I just want that to be one of the last things
> to go in.

Fair point. Luckily it just seems that the heavy lifting of this
development is done outside of OISF. So that should limit the amount of
work the dev team does considerably.

-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------



