On Mon, Oct 11, 2010 at 12:43:29PM -0600, Peter Saint-Andre wrote:
> Speaking of which, someone contacted Jeff and me off-list about some
> research results showing that of a very large number of certificates
> presented by TLS-protected websites, less than 0.01% contain wildcards
> in component fragments. Given that minuscule level of deployment, I
> don't see good reasons to spend more cycles on the topic.

The relative number of certs is less relevant than how widely those certs are used, surely. I checked the "top 1m sites" database from:

http://blog.johnath.com/2009/01/21/ssl-information-wants-to-be-free/

- 382860 total sites (hostnames) returned a cert
- 94438 of total sites used a wildcard cert (24%)
- 5% of total sites use the wildcard cert with CN=*.blogger.com
  ... other blogging/mass-hosting sites similarly high usage

Only a handful (5) use the "f*.example.com" form; all those were certs issued by the GoDaddy and starfieldtech.com CAs.

I support Martin's arguments that the "f*.example.com" form specified in RFC 2818 should be supported.

Regards, Joe
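
An added example, not part of the original message: the sketch below classifies certificate names the way the survey above counts them (no wildcard, whole-label wildcard, fragment wildcard) and matches hostnames under RFC 2818's rule that `*` matches a single component or component fragment. The function names, the stricter comparison policy, and letting `*` match zero characters inside a fragment are assumptions of this example.

```python
import re


def classify(name: str) -> str:
    """Classify a certificate DNS name by how it uses '*'."""
    labels = name.lower().split(".")
    if not any("*" in label for label in labels):
        return "none"
    if all(label == "*" or "*" not in label for label in labels):
        return "label"      # e.g. *.blogger.com
    return "fragment"       # e.g. f*.example.com


def label_matches(pattern: str, label: str) -> bool:
    """Match one DNS label; '*' stands for any run of non-dot characters."""
    regex = "".join("[^.]*" if ch == "*" else re.escape(ch) for ch in pattern)
    return re.fullmatch(regex, label) is not None


def rfc2818_match(pattern: str, host: str) -> bool:
    """RFC 2818 style: '*' matches a single component or component fragment."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    # A wildcard never spans a dot, so label counts must agree,
    # and an empty hostname label is never valid.
    if len(p_labels) != len(h_labels) or not all(h_labels):
        return False
    return all(label_matches(p, h) for p, h in zip(p_labels, h_labels))


def strict_match(pattern: str, host: str) -> bool:
    """Stricter policy for contrast (assumption): only a whole left-most '*' label."""
    if "*" in pattern and not (pattern.startswith("*.") and "*" not in pattern[2:]):
        return False
    return rfc2818_match(pattern, host)


if __name__ == "__main__":
    # Constructed sample names; only the two wildcard patterns appear in the thread.
    for pattern, host in [("*.blogger.com", "x.blogger.com"),
                          ("*.blogger.com", "a.b.blogger.com"),
                          ("f*.example.com", "foo.example.com"),
                          ("f*.example.com", "bar.example.com")]:
        print(pattern, host, classify(pattern),
              rfc2818_match(pattern, host), strict_match(pattern, host))
```

A client using the stricter policy rejects the handful of fragment-wildcard certificates counted above, while whole-label wildcard certificates validate the same way under both policies.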
