[cryptography] Another data point on SSL "trusted" root CA reliability (S Korea)

Ralph Holz holz at net.in.tum.de
Thu Sep 22 05:36:20 EDT 2011


> Oh, now it makes sense, those are mostly router certs (and various other certs
> from vendors who create broken certs like the Plesk ones).  You won't just
> find them in Korea, they're everywhere, in vast numbers, but (at least for the
> router certs) they're usually only visible from the LAN interface.

I just had a look in our monitoring data - i.e. data of real SSL
connections that users make. Those cannot be router certs.

I find CA:TRUE in 0.8% of certificates (of 200k connections) in Sep
2010; and in 1.15% in Apr 2011 (of 950k connections).

Here are some noteworthy issuers and counted occurrences:

CN=localhost.localdomain/emailAddress=root at localhost.localdomain, 585
(ok, boring)

CN=undermine.corp/emailAddress=vzhang at yahoo-inc.com, 480
(more interesting)

CN=confixx/emailAddress=info at confixx.com, 206

CN=Administration Server, ST=Moscow, L=RU,
C=RU/emailAddress=support at kaspersky.com, O=Kaspersky Lab, 114

C=DE, ST=Bayern, L=Vilshofen, O=Internet Widgits Pty Ltd,
CN=quetzalcoatl.dyndns.org/emailAddress=webmaster at quetzalcoatl.dyndns.org,

And, to my dismay :-), my own university seems to be messing up:

C=DE, ST=Bavaria, L=Munich, O=Technische Universitaet Muenchen, OU=LSR
Institute of Automatic Control Engineering, CN=*.lsr.ei.tum.de, 62

C=DE, ST=Bavaria, L=Freising, O=Wissenschaftszentrum Weihenstephan TUM,
OU=InformationsTechnologie Weihenstephan,
CN=phoenix.wzw.tum.de/emailAddress=certs at wzw.tum.de, 54


Dipl.-Inform. Ralph Holz
I8: Network Architectures and Services
Technische Universität München

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: OpenPGP digital signature
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20110922/b8b28da6/attachment.asc>

More information about the cryptography mailing list