On 10/23/2014 02:00 PM, Richard Barnes wrote:
illa and the CA/Browser Forum.
And I suspect it is related to this:
http://blog.cloudflare.com/introducing-universal-ssl/
I previously wrote "You're probably right". He was.
As of the January 2014 U. Mich scan of IPv4 space:
Number of IPv4 sites offering an SSL cert: 66335624
Number with two different second-level domains: 154958
Number associated with cloudflare.com: 45405
Number associated with yellhosting.com: 1465
Those two services, "cloudflare.com" and "yellhosting.com",
seem to be the primary bulk users of multiple-domain certs.
(Akamai wasn't doing this.) Most other multiple-domain
certs have reasonable-looking combinations of domain names.
So that's what the data tells us. It's only Cloudflare, and
to a lesser extent Yell Hosting, who are doing this in
a big way.
More later.
John Nagle
SiteTruth
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
