On 9/2/14, 10:53 AM, Hubert Kario wrote:
I've finally found some time to analyse the data from last months scan
to see what happens when additional roots are removed[1,2].
The scan took place between 11th and 19th of July 2014.
Sites scanned are taken from Alexa top 1 million sites as of 11th of July.
Hubert, Thank you for doing this analysis and sharing your findings.
Removing the Thawte 1024 bit roots[1] causes following changes:
Untrusted: +33 sites.
Incomplete chain: +153, -2 sites.
Complete chain: -184 sites.
Sites that become untrusted:
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
Looks like those SSL certs are 5 year certs that were issued in 2010, so
those site administrators will be needing to update their certs within
the next year.
The change is currently targeted for Firefox 35 (early January). That
gives Thawte/Symantec time to contact these customers, and get their
certs updated.
Removal of the GTE root has bigger impact:
complete -86
incomplete +17, -8
untrusted +77
since the list is so large I won't be quoting it here.
Would you please attach the list to the bug?
Thanks,
Kathleen
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
