[cryptography] Another data point on SSL "trusted" root CA reliability (S Korea)

Ralph Holz holz at net.in.tum.de
Thu Sep 22 12:30:23 EDT 2011


> study this more carefully and as soon as possible. SSL Observatory from
> EFF is a step forward but we need more.

Their distributed observatory is probably going to help much here, but I
can offer the data sets from our paper. I'll put the paper online
tomorrow and paste the link here.

> 1 - We need data on the details of certificates obtained from
> different geographic/government locations when pointing to popular
> endpoints such as google, facebook and so on

We did not find any differences in the top 200 or so, and the rest did
not seem suspicious. See the links in the previous mail for the set of
differing certs.

> 2 - We need to map/take_in_account clustered endpoints, like google,
> when doing this, since certificates differ in the clusters.

We did not observe that too often (Microsoft did it, not sure about
Google), but yes, we would need to crawl such clusters.

> 3 - Sitting ourselves in different geographic locations when performing
> data collection should be done using different methods (use of
> proxies, people from different countries submitting their certificates
> views..???).

Sorry, I don't quite get that?


