* Gervase Markham: > On 24/03/15 00:59, Peter Kurrasch wrote: >> Is the proposal to limit CNNIC roots to only .cn domains or would >> others be allowed? > > That's a matter for discussion. We do have some data (thanks, Richard) > from CT and other places on the prevalence of CNNIC certificates in > those scans, broken down by TLD: > > cn: 481 > com: 203 > net: 10 > xn--fiqs8s: 8 (This is 中国, .china in Simplified characters) > xn--55qx5d: 4 (This is 公司, basically .com) > xn--io0a7i: 2 (This is 网络, basically .net) > wang: 2 (This is the Pinyin (romanization) for 网, which you can see > in the .net equivalent above. Chinese internet cafes have > this character on their signs. http://icannwiki.com/.wang) > xn--fiqz9s: 1 (This is 中國, .china in Traditional characters) > > This is useful in assessing the impact of any particular proposed set of > changes.
The intermediate certificate which prompted this discussion had C=EG, which does not align well with a limitation to the Chinese market. How reliable are the data quoted above? _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
