On Tue, Sep 13, 2011 at 3:42 PM, Ralph Holz <[email protected]> wrote:
>
> That said, I can see in our monitoring data that about 20-60% of
> certification chains are broken, and these are sites that people do
> access (it is passive monitoring data from a large regional ISP).

Interesting. Are you pulling the server-certs out of the SSL handshake and then checking if they validate against any browser store?

> In our scanning data, we find that only about 18% of certificates have
> both a valid chain plus the correct hostname (wildcarded or not) in
> their CNs or SANs.

This data, while interesting, doesn't tell us much about how often users encounter those sites. I much prefer data instrumented from actual web browsers, or network traffic.

- Andy
