[cryptography] Let's go back to the beginning on this
andy at steingruebl.com
Tue Sep 13 18:57:22 EDT 2011
On Tue, Sep 13, 2011 at 3:42 PM, Ralph Holz <holz at net.in.tum.de> wrote:
> That said, I can see in our monitoring data that about 20-60% of
> certification chains are broken, and these are sites that people do
> access (it is passive monitoring data from a large regional ISP).

Interesting. Are you pulling the server-certs out of the SSL
handshake and then checking if they validate against any browser

> In our scanning data, we find that only about 18% of certificates have
> both a valid chain plus the correct hostname (wildcarded or not) in
> their CNs or SANs.

This data, while interesting, doesn't tell us much about how often
users encounter those sites. I much prefer data instrumented from
actual web browsers, or network traffic.