Ivan replied..
>
> JeffH wrote:
>>
>> That explanation hints that most all the certs represented in the dataset
>> would be "valid" certs. However, there's ~150k more entries in the dbase
>> than the ~720K valid certs he observed. Though, there's ~150k apparently
>> "self-signed" certs in the dbase, so perhaps that's what's filling out the
>> dbase.
>
> The term "potentially valid" would be more accurate. The purpose of the
> survey was to investigate how an average SSL server is configured, and for
> that we wanted to look at those servers that someone at least tried to
> configure properly. There are so many invalid certificates out there that
> taking the configuration of all SSL servers would pollute the data.
>
> I defined "potentially valid" as residing on a domain name that matches the
> certificate. Trust was not a factor, and that's why there are self-signed
> certificates in the database. In addition, there's only one certificate per
> domain name and IP address.
>
> The 720K certificates were obtained from the 119M data set of domain name
> registrations. The additional 150K were obtained by looking at Alexa's
> top 1M sites, as well as by data mining web site names from the certificates
> we obtained. The fact that there are about 150K self-signed certificates is a
> coincidence.

That's helpful, thanks.

It'd be great if you could include that explanation (and/or post it on the web)
along with the info from..

<http://blog.ivanristic.com/2010/07/ssl-server-survey-so-whats-with-the-22m-invalid-certificates-claim.html>
<http://blog.ivanristic.com/2010/07/ssl-server-survey-what-data-are-we-collecting.html>

..in a file in the data distro -- it'd help folks to better make use of it.

Thanks again, having this data available is quite useful.

=JeffH

ps: also it'd be good to explain things such as the subjectCommonName dbase
column comprising all the CN values found in the Subject and then
space-separated-concatenated.
_______________________________________________
certid mailing list
https://www.ietf.org/mailman/listinfo/certid