On 21/09/16 10:21, Gervase Markham wrote:
> On 12/09/16 22:46, Ryan Sleevi wrote:
>> Consider if we start with the list of certificates issued by StartCom
>> and WoSign, assuming the two are the same party (as all reasonable
>> evidence suggests). Extract the subjectAltName from every one of
>> these certificates, and then compare against the Alexa Top 1M. This
>> yields more than 60K certificates, at 1920K in a 'naive' whitelist.
>> However, if you compare based on base domain (as it appears in
>> Alexa), you end up with 18,763 unique names, with a much better
>> compressibility. For example, when compared with Chrome's Public
>> Suffix List DAFSA implementation (as one such compressed data
>> structure implementation), this ends up occupying 126K of storage.
> Can you tell us how many unique base domains (PSL+1) there are across
> WoSign and StartCom's entire certificate corpus,
I ran some queries earlier today on the crt.sh DB, to find all CNs,
dNSNames and iPAddresses in all unexpired certs whose issuer names
include either "WoSign" or "StartCom". Then I cross-referenced that
with the latest PSL data to discover the unique base domains:
Unique CNs/dNSNames: 395,222
Unique Base Domains: 118,785
Unique IP Addresses: 154

Unique CNs/dNSNames: 706,020
Unique Base Domains: 249,841
Unique IP Addresses: 0
> and what that might look like as a DAFSA?
I don't know how to answer that question, but hopefully the lists of
unique base domains that I generated will help...
Senior Research & Development Scientist
COMODO - Creating Trust Online
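The counting procedure described in the reply above (take every CN, dNSName and iPAddress found in the certificates, map each DNS name to its base domain, i.e. public suffix plus one label, and count the unique values) as an added Python example. This is not code from the thread, from crt.sh or from Chromium; the PSL excerpt and the name list below are constructed, and the function names are my own. It implements the Public Suffix List matching rules (longest matching rule wins, a `*` label matches any one label, a `!` exception rule overrides the other rules) and also reports the size of a naive name-by-name whitelist next to a base-domain whitelist, which is the compressibility point Ryan raised.

```python
import ipaddress

# Constructed excerpt in Public Suffix List syntax (a handful of plain rules, one
# wildcard rule and one exception rule). It is NOT the real PSL; the real list
# has thousands of rules, an IDNA requirement and a separate PRIVATE section.
PSL_EXCERPT = """
// constructed excerpt, not the full list
com
uk
co.uk
org.uk
github.io
*.ck
!www.ck
"""

# Constructed sample of subject names as they might be pulled out of certificates:
# CNs/dNSNames in mixed case, a wildcard name, and a few iPAddress SAN values.
SAMPLE_NAMES = [
    "www.example.com", "mail.example.com", "example.com",
    "shop.example.co.uk", "www.example.co.uk",
    "*.example.org.uk",
    "user1.github.io", "user2.github.io",
    "www.ck", "foo.www.ck", "bar.other.ck",
    "192.0.2.10", "192.0.2.10", "2001:db8::1",
    "WWW.EXAMPLE.COM",  # duplicate of the first entry once lower-cased
]


def parse_psl(text):
    """Return the rule lines of a PSL-formatted text, skipping comments and blanks."""
    return [ln.strip() for ln in text.splitlines()
            if ln.strip() and not ln.strip().startswith("//")]


def public_suffix(name, rules):
    """Public suffix of `name` per the PSL algorithm: an exception rule wins
    outright (its suffix is the rule minus its leftmost label); otherwise the
    longest matching rule; otherwise the rightmost label."""
    labels = name.lower().rstrip(".").split(".")
    best = 0
    for rule in rules:
        exception = rule.startswith("!")
        rule_labels = rule.lstrip("!").split(".")
        if len(rule_labels) > len(labels):
            continue
        # Match right-to-left; a '*' rule label matches any single name label.
        if all(r == "*" or r == l
               for r, l in zip(rule_labels, labels[-len(rule_labels):])):
            if exception:
                return ".".join(labels[-max(len(rule_labels) - 1, 1):])
            best = max(best, len(rule_labels))
    return ".".join(labels[-(best or 1):])


def base_domain(name, rules):
    """PSL+1 for a DNS name, or None when the name is itself a public suffix.
    A leading '*.' is dropped: a wildcard covers names under its parent."""
    name = name.lower().rstrip(".")
    if name.startswith("*."):
        name = name[2:]
    labels = name.split(".")
    suffix_len = public_suffix(name, rules).count(".") + 1
    if len(labels) <= suffix_len:
        return None
    return ".".join(labels[-(suffix_len + 1):])


def summarize(names, rules):
    """Count unique DNS names, unique base domains and unique IP addresses, and
    compare a naive whitelist (one entry per name) with a base-domain whitelist.
    Byte sizes are simply length + 1 per entry, i.e. newline-separated text."""
    dns_names, bases, ips = set(), set(), set()
    for n in names:
        try:
            ips.add(str(ipaddress.ip_address(n)))  # iPAddress SAN value
            continue
        except ValueError:
            pass  # not an IP literal, treat as a CN/dNSName
        dns_names.add(n.lower())
        b = base_domain(n, rules)
        if b is not None:
            bases.add(b)
    return {
        "unique_names": len(dns_names),
        "unique_base_domains": len(bases),
        "unique_ips": len(ips),
        "naive_whitelist_bytes": sum(len(x) + 1 for x in dns_names),
        "base_domain_whitelist_bytes": sum(len(x) + 1 for x in bases),
    }


if __name__ == "__main__":
    for k, v in summarize(SAMPLE_NAMES, parse_psl(PSL_EXCERPT)).items():
        print(f"{k}: {v}")
```

On the constructed sample this yields 11 unique names, 7 unique base domains and 2 unique IP addresses, and the base-domain list is well under the size of the naive one. Running it over a real certificate corpus would additionally need the full PSL (with its IDNA and PRIVATE-section handling) and a decision on whether names whose base domain is None, such as a bare public suffix, should be reported separately.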