Hi,

> Oh, now it makes sense, those are mostly router certs (and various other certs
> from vendors who create broken certs like the Plesk ones).  You won't just
> find them in Korea, they're everywhere, in vast numbers, but (at least for the
> router certs) they're usually only visible from the LAN interface.

I just had a look in our monitoring data - i.e. data of real SSL
connections that users make. Those cannot be router certs.

I find CA:TRUE in 0.8% of certificates (of 200k connections) in Sep
2010; and in 1.15% in Apr 2011 (of 950k connections).

Here are some noteworthy issuers and counted occurrences:

CN=localhost.localdomain/[email protected], 585
(ok, boring)

CN=undermine.corp/[email protected], 480
(more interesting)

CN=confixx/[email protected], 206
(ok)

CN=Administration Server, ST=Moscow, L=RU,
C=RU/[email protected], O=Kaspersky Lab, 114
(oh)

C=DE, ST=Bayern, L=Vilshofen, O=Internet Widgits Pty Ltd,
CN=quetzalcoatl.dyndns.org/[email protected],
105
(hmmmm)

And, to my dismay :-), my own university seems to be messing up:

C=DE, ST=Bavaria, L=Munich, O=Technische Universitaet Muenchen, OU=LSR
Institute of Automatic Control Engineering, CN=*.lsr.ei.tum.de, 62

C=DE, ST=Bavaria, L=Freising, O=Wissenschaftszentrum Weihenstephan TUM,
OU=InformationsTechnologie Weihenstephan,
CN=phoenix.wzw.tum.de/[email protected], 54


Ralph

-- 
Dipl.-Inform. Ralph Holz
I8: Network Architectures and Services
Technische Universität München
http://www.net.in.tum.de/de/mitarbeiter/holz/

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography

Reply via email to