On 12/09/16 22:46, Ryan Sleevi wrote:
> Consider if we start with the list of certificates issued by StartCom
> and WoSign, assuming the two are the same party (as all reasonable
> evidence suggests). Extract the subjectAltName from every one of
> these certificates, and then compare against the Alexa Top 1M. This
> yields more than 60K certificates, at 1920K in a 'naive' whitelist.
>
> However, if you compare based on base domain (as it appears in
> Alexa), you end up with 18,763 unique names, with a much better
> compressibility. For example, when compared with Chrome's Public
> Suffix List DAFSA implementation (as one such compressed data
> structure implementation), this ends up occupying 126K of storage.

Can you tell us how many unique base domains (PSL+1) there are across
WoSign and StartCom's entire certificate corpus, and what that might
look like as a DAFSA?

Gerv
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
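
The reduction discussed in this message (subjectAltName values collapsed to PSL+1 base domains, then stored as a DAFSA) can be sketched as follows. This is an added example, not code from the thread, from Chrome, or from Mozilla. The suffix set, the SAN list and all function names are constructed for illustration, and the suffix matching is simplified to exact-match rules.

```python
# Constructed sample data: a tiny stand-in for the Public Suffix List and for
# subjectAltName dNSName values extracted from certificates.
PUBLIC_SUFFIXES = {"com", "org", "cn", "com.cn", "uk", "co.uk"}
SAN_NAMES = [
    "www.example.com", "mail.example.com", "*.example.com",
    "shop.example.co.uk", "example.co.uk",
    "login.example.com.cn", "static.example.org", "co.uk",
]

def base_domain(name, suffixes=PUBLIC_SUFFIXES):
    """Return the PSL+1 name, or None if the name is a bare suffix or unknown.
    Simplification: exact-match rules only, no PSL wildcard/exception rules."""
    name = name.lower().rstrip(".")
    if name.startswith("*."):
        name = name[2:]
    labels = name.split(".")
    for i in range(len(labels)):            # longest candidate suffix first
        if ".".join(labels[i:]) in suffixes:
            return ".".join(labels[i - 1:]) if i > 0 else None
    return None

def build_trie(words):
    root = {}
    for word in words:
        node = root
        for ch in word:
            node = node.setdefault(ch, {})
        node[""] = {}                        # end-of-word edge to a final state
    return root

def trie_nodes(node):
    return 1 + sum(trie_nodes(child) for child in node.values())

def dafsa_states(root):
    """Count states after merging subtrees with identical outgoing edges."""
    registry = {}
    def canon(node):
        sig = tuple(sorted((ch, canon(child)) for ch, child in node.items()))
        return registry.setdefault(sig, len(registry))
    canon(root)
    return len(registry)

def summarise(san_names):
    bases = sorted({b for b in map(base_domain, san_names) if b})
    trie = build_trie(bases)
    return bases, trie_nodes(trie), dafsa_states(trie)

if __name__ == "__main__":
    bases, n_trie, n_dafsa = summarise(SAN_NAMES)
    print(len(SAN_NAMES), "SANs ->", len(bases), "base domains;",
          n_trie, "trie nodes ->", n_dafsa, "DAFSA states")
```

State counts here stand in for storage size; a byte-level encoding such as the one Chrome uses for its suffix list would give different absolute numbers.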

