Hi,

> Interesting. Are you pulling the server-certs out of the SSL
> handshake and then checking if they validate against any browser
> store?

Yes, with the second operation offline and validating against the NSS root store. I don't have a MS one at the moment, it would be interesting (how do you extract that from Win? The EFF guys should know)

(Here's a privacy disclaimer, though: only statistics leave our monitor, no certs, no connection data, etc.)

>> In our scanning data, we find that only about 18% of certificates have
>> both a valid chain plus the correct hostname (wildcarded or not) in
>> their CNs or SANs.
>
> This data, while interesting, doesn't tell us much about how often
> users encounter those sites. I much prefer data instrumented from
> actual web browsers, or network traffic.

Well, yes, but it is the Alexa Top 1 million list that is scanned. I can give you a few numbers for the Top 1K or so, too, but it does remain a relative "popularity".

Ralph

-- 
Dipl.-Inform. Ralph Holz
I8: Network Architectures and Services
Technische Universität München
http://www.net.in.tum.de/de/mitarbeiter/holz/
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
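Added example, not part of the original message or the authors' tooling: a Python sketch of the kind of tally behind the quoted 18% figure, counting scan records that have both a valid chain and the scanned hostname in the certificate's CN or SANs. The record layout, the sample data and the wildcard rule (leftmost label only, exactly one label deep) are assumptions; chain validity is taken as the precomputed result of the offline validation.

```python
from collections import namedtuple

# Hypothetical record layout: host scanned, offline chain-validation result,
# and the certificate's names (CN followed by any SAN dNSName entries).
ScanRecord = namedtuple("ScanRecord", "host chain_valid cert_names")


def name_matches(host, pattern):
    """Case-insensitive comparison of a hostname with one certificate name.

    Assumed wildcard rule: '*' must be the entire leftmost label, stands for
    exactly one label, and needs at least two fixed labels after it.
    """
    h = host.lower().rstrip(".").split(".")
    p = pattern.lower().rstrip(".").split(".")
    if len(h) != len(p) or not all(p):
        return False
    if p[0] == "*":
        return len(p) >= 3 and h[1:] == p[1:]
    return h == p


def host_in_cert(rec):
    """True if the scanned host appears in the CN or in any SAN."""
    return any(name_matches(rec.host, n) for n in rec.cert_names if n)


def share_fully_valid(records):
    """Fraction of records with a valid chain AND a matching hostname."""
    if not records:
        return 0.0
    ok = sum(1 for r in records if r.chain_valid and host_in_cert(r))
    return ok / len(records)


# Constructed sample records (not real scan data).
SAMPLE = [
    ScanRecord("www.example.com", True, ["www.example.com"]),
    ScanRecord("shop.example.org", True, ["example.org", "*.example.org"]),
    ScanRecord("a.b.example.net", True, ["*.example.net"]),    # wildcard too shallow
    ScanRecord("example.edu", False, ["example.edu"]),         # name ok, chain not
    ScanRecord("mail.example.io", True, ["localhost.localdomain"]),
]

if __name__ == "__main__":
    print(f"{share_fully_valid(SAMPLE):.0%} have a valid chain and a matching name")
```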
