[cryptography] Let's go back to the beginning on this
holz at net.in.tum.de
Wed Sep 14 03:13:21 EDT 2011
>> Well, yes, but it is the Alexa Top 1 million list that is scanned. I can
>> give you a few numbers for the Top 1K or so, too, but it does remain a
>> relative "popularity".
> How many of those sites ever "advertise" an HTTPS end-point though?
> Maybe users are extremely unlikely to ever see a link, etc. that
> points to their HTTPS endpoint.
Maybe, but I don't have any numbers on that. However, if someone wants
to do it: a simple way would be to download a site's start page and
check for HTTPs links in the HTML. Then go to that site, download the
cert and do the validity checks. Obviously, you're likely not in the top
1 million sites anymore then.
Actually, I think Ivan Ristic has done something similar for login forms:
Although his presentation doesn't give any numbers how often the
encountered certificates were valid (chain, host name) for the thus
protected login site.
Dipl.-Inform. Ralph Holz
I8: Network Architectures and Services
Technische Universität München
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 490 bytes
Desc: OpenPGP digital signature
More information about the cryptography