On 10/12/13 00:48, Erwann Abalea wrote:
Le lundi 9 décembre 2013 23:15:01 UTC+1, Brian Smith a écrit :
One thing that would really help would be an attempt to document which
publicly-accessible websites are using certificates that chain (only)
to the ANSSI root. I heard the claim that most French public
government websites actually use certificates that chain to a
different CA. That has led me to wonder how much the ANSSI root is
actually used by public websites. Having a list of domains that use
certs that chain to ANSSI root is likely to have some significant
bearing on the decisions about what to do. But, it will be a while
before I would have time to compile such a list.
Working on such a list on my spare time. Unfortunately, it's not a small
hierarchy.
Attached is a list of server identities (SAN->dNSNames, SAN->iPAddresses
and Subject->CNs) from all the certs I can find that chain only to the
"CN = IGC/A" Root and that would be trusted for server authentication by
browsers.
I tried to send a larger file just now (with more info), but I'd
forgotten that this list has a 40KB limit on attachments. Hopefully it
won't reject this .zip file...
--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
