[cryptography] Let's go back to the beginning on this
holz at net.in.tum.de
Tue Sep 13 18:42:08 EDT 2011
> Is anyone aware of any up-to-date data on this btw? I've had
> discussions with the browser makers and they have some data, but I
> wonder whether anyone else has any data at scale of how often users
> really do run into cert warnings these days. They used to be quite
> common, but other than 1 or 2 sites I visit regularly that I know have
> self-signed certs, I *never* run into cert warnings anymore. BTW,
> I'm excluding "mixed content" warnings from this for the moment
> because they are a different but related issue.

I run into it quite regularly, often on sites of non-commercial
organisations. Like universities. My favourite page so far said "Please
ignore the warning that will appear when you click next" (that was FU
Hagen, I believe).

That said, I can see in our monitoring data that about 20-60% of
certification chains are broken, and these are sites that people do
access (it is passive monitoring data from a large regional ISP).

In our scanning data, we find that only about 18% of certificates have
both a valid chain plus the correct hostname (wildcarded or not) in
their CNs or SANs.

Dipl.-Inform. Ralph Holz
I8: Network Architectures and Services
Technische Universität München