On 24. 4. 2014 4:04, Radu Hociung wrote: > I hope to update you in a few days with some stats from my investigation into > SSL-Observatory vs. current CRL lists, but I can tell you now that I see some > CAs that had an average of 20 revocations/day in March but have shot up to > 300 revocations/day in April (ie, 15x increase). Startcom went from ~4 to > ~22/day (5x increase). One would expect 17% of about 130k Startcom certs to > be revoked due to heartbleed. (or a cool $500K, right?). However at the > current rate of 22/day, 82% of the affected certificates will still be valid > on their expiration day.
SANS has a nice overview of recent revocation activity https://isc.sans.edu/crls.html Martin _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy