[cryptography] Another data point on SSL "trusted" root CA reliability (S Korea)
holz at net.in.tum.de
Thu Sep 22 05:36:20 EDT 2011
> Oh, now it makes sense, those are mostly router certs (and various other certs
> from vendors who create broken certs like the Plesk ones). You won't just
> find them in Korea, they're everywhere, in vast numbers, but (at least for the
> router certs) they're usually only visible from the LAN interface.
I just had a look in our monitoring data - i.e. data of real SSL
connections that users make. Those cannot be router certs.
I find CA:TRUE in 0.8% of certificates (of 200k connections) in Sep
2010; and in 1.15% in Apr 2011 (of 950k connections).
Here are some noteworthy issuers and counted occurrences:
CN=localhost.localdomain/emailAddress=root at localhost.localdomain, 585
CN=undermine.corp/emailAddress=vzhang at yahoo-inc.com, 480
CN=confixx/emailAddress=info at confixx.com, 206
CN=Administration Server, ST=Moscow, L=RU,
C=RU/emailAddress=support at kaspersky.com, O=Kaspersky Lab, 114
C=DE, ST=Bayern, L=Vilshofen, O=Internet Widgits Pty Ltd,
CN=quetzalcoatl.dyndns.org/emailAddress=webmaster at quetzalcoatl.dyndns.org,
And, to my dismay :-), my own university seems to be messing up:
C=DE, ST=Bavaria, L=Munich, O=Technische Universitaet Muenchen, OU=LSR
Institute of Automatic Control Engineering, CN=*.lsr.ei.tum.de, 62
C=DE, ST=Bavaria, L=Freising, O=Wissenschaftszentrum Weihenstephan TUM,
CN=phoenix.wzw.tum.de/emailAddress=certs at wzw.tum.de, 54
Dipl.-Inform. Ralph Holz
I8: Network Architectures and Services
Technische Universität München
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 490 bytes
Desc: OpenPGP digital signature
More information about the cryptography