Search.chatgpt.com domain and SSL cert have been created

Ah well I like your joke, but I know GPT is moving fast, but it would be unlikely and innocent dev can change DNS records of chatgpt.com

Sama & Lex Fridman literally talked about disrupting search in their latest podcast.

I hope they don't use this level of DNS to set up internal tooling.

The point of certificate transparency is to have a public audit log of every certificate issued. Even if you had your own CA, you would be obliged to report every certificate you issue to the CT. This is a feature, not a bug.

You can just buy a regular wildcard certificate for *.my-name.com

If your organisation is competent enough to handle an intermediate CA certificate safely, you're certainly competent to handle a wildcard cert safely which is a much easier task.

Sadly it's unlikely you'll ever see the Name Constraints extension adopted. All it takes is one model of 15 year old smart TV failing to respect it, and the CA/Browser Forum will consider it too dangerous to allow.

This would be so great. It also just mirrors the DNS trust model nicely, which is what’s used for X.509 trust anyway by most CAs.

Let’s encrypt and similar ACME compliant services allow you to get wildcard certs through their DNS-01 challenge.

As a red teamer I agree - I always found this ridiculous

It will be interesting to see what happens to copyright claims against ChatGPT. Google can just remove claimed content from its index, what will OpenAI do?

There is this tool from Facebook.

"Certificate Transparencyis an open framework which helps log, audit and monitor publicly-trusted TLS certificates on the Internet. This tool lets you search for certificates issued for a given domain and subscribe to notifications from Facebook regarding new certificates and potential phishing attacks."

https://developers.facebook.com/tools/ct/search/

crt.sh has rss feeds for any search result you throw at it, e.g.: https://crt.sh/atom?identity=chatgpt.com

most commercial offerings are about monitoring your own domain, e.g. from cloudflare, sslmate, etc.

You can set up your own certificate transparency listener, and get notified of every certificate created, in realtime, assuming you can handle the load. In my company we do this to scan new domains for potential phishing domains, to take them down before they become active.

There is free service called Certstream [0]. It does not provide notifications, you need to ingest the stream, look for the patterns of interest to you and handle notifications by yourself. But it's fairly easy and the service is commonly used by security teams.

[0] https://certstream.calidog.io/

Easy, just refresh Hackernews front page 24/7.

Cloudflare provides this as a feature, you can choose to get an email every time a certificate for your domain is generated.

is there a source for this outside 1 guy on twitter? If they were holding an event I would imagine invites would have gone out a while ago like their dev day..

In my experience LLMs are terrible at naming things, usually some combination of cringe and silly

> >"here let me search.chatgpt that for you"

Why would you say it like that though? You don't set "let me google.com that for you"

In the same way you don't say "let me chat.openai it for you", likely search.chatgpt.com will just become the new default interface to chatgpt, and "to chatgpt" something will mean to look it up on search.chatgpt.com

> Compare this to what I would have to do with google. Open browser, type the query, guess which of the top 10 results are likely to answer the issue I was having. Click few link to open them in new tab. Read though it to see if the correct problem was being discussed. If not see another link in the top 10 list. Repeat.

This is outdated. I repeated your experiment with Google query [how do I print from Autodesk] and the top result is the step by step instructions (not a link but the actual instructions, with a link to the source following). The second result is a link to Autodesk's own help docs for the print function. No ads above the fold.

But you make a point that people will keep assuming what they want to anticipate how the search will unfold, and I admit this is in part due to the enshittified commercial and news-related (and other) results, the bias is coming from somewhere, right? But I would encourage anyone to at least verify this assumption before posting it as fact.

Why do you think this implies they are building a search service rather than just scraping your site for more training data?

On the other side he said, the "next Copy of Google Search" would be boring. So let's see what they try to make differently

https://youtu.be/jvqFAi7vkBc?t=4681

That was through bing. And bing uses similar algorithms to google for ranking. OpenAI can do way better.

Or maybe something like Perplexity AI.

Can someone tell me how all that leet coding doesn't lead to their AI having better coding ability? More fizz buzz has been spilled on google whiteboards than in any other place on earth.

They would be open themselves to a class action lawsuit and no one would use their LLMs so I doubt it

No

Unless this is the Microsoft deal, and they're using Bing as their indexing backend.

Using azure bringing MS money. Even bing is not growing, the money comes in. If the search is good, it will explode and make MS buy more of hardware, making them the biggest cloud search. they can scale on it.

So the money will come in, that or that way.

Probably uses Bing to an extend.

Somebody has PUT options on Alphabet? :-)

What makes you think an AI can't be gamed in the same ways?

Lmao what so you think the LLM is trained on? And the data set is frozen in the past because LLMs are polluting the web with generated garbage.

ChatGpt will happily sell you snake oil wrapped in your favourite flavor of BS

There is no such thing as an "SSL certificate" or "TLS certificate". There are certificates, which are used in various protocols including SSL and TLS. You can use the same certificate for both. The name "SSL certificate" is just a shorthand indicating the intended purpose of the certificate, nothing more. As such there really is no point in being pedantic over SSL vs TLS.

X.509

We all know what it means.

tty. World Wide Web.