> Thanks for the information, Kurt (and indirectly, Eddy). I would like > to be accurate on this point and correct the story as necessary, but I > need help in ensuring I have the right information and understand what > it means, first.
Where did you get you numbers exactly? > Kurt, I gather your SSL data is from July's Defcon paper (available at > https://www.eff.org/observatory). For starts, could you folks explain > to me why the 4.3M sites with a valid certificate chain would be the > ones to look at (vs. all that offer an SSL handshake). Second, why > would Google be wrong in saying it's 0.05 percent of all sites vs. > just SSL/TLS-encrypted sites? No, I cannot explain, I'm just repeating what I have heard from a reputable source (EFF/etc.). Well actually I can: Valid cert chain = signed certificate from a trusted root (Verisign/etc.). SSL handshake = some SSL certificate (self signed, internal CA, or external CA like Verisign/etc.). As for: "Second, why would Google be wrong in saying it's 0.05 percent of all sites vs. just SSL/TLS-encrypted sites?" I cannot speak for Google (heck, I can barely speak for myself!), so I have no idea. I am simply quoting your your %'s. > sts > > -- > [email protected] > http://news.cnet.com/deep-tech > Twitter/Skype: stshank -- Kurt Seifried [email protected] tel: 1-703-879-3176 -- dev-tech-crypto mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-crypto
