[cryptography] Another data point on SSL "trusted" root CA reliability (S Korea)

Ralph Holz holz at net.in.tum.de
Sun Sep 18 14:25:26 EDT 2011


Hi,

>> In the EFF dataset of the full IPv4 space, I find 773,512 such certificates.
> 
> Could these be from the bizarro Korean DIY PKI (the NPKI) that they've
> implemented?  Could you post (or email) some of the certs?

I don't think so. Here is a list of "COUNT(issuers), issuers" from the
EFF dataset. Only those counted that appeared > 200 times.

http://www.meleeisland.de/issuer_ca_on_eff.csv

Let me know if you want a few of those certs.

BTW, that cert by Gov of Korea is found this often in the EFF data set:

1694 | C=KR, O=Government of Korea, OU=GPKI, CN=CA134040001

Should be in the CSV above.

Ralph

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 554 bytes
Desc: OpenPGP digital signature
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20110918/21af5f46/attachment.asc>


More information about the cryptography mailing list