Thanks Hubert. I was guessing about 1,000 sites so seeing 3,000 is better but still small. What I didn't expect is that fewer than 50,000 sites present themselves as being secure in the first place. That's smaller than it ought to be.
The real shocker, however, is how many sites exhibit known vulnerabilities. The Heartbleed stat especially stands out. I suppose those sites are given an F rating, but really the certs need to be revoked in all 738 cases. Any way the CAs can help us confirm that any site which is vulnerable to Heartbleed has had its cert revoked?

Original Message
From: Hubert Kario
Sent: Friday, September 26, 2014 6:07 AM
To: fhw...@gmail.com
Cc: dev-security-policy@lists.mozilla.org
Subject: Re: HSTS

----- Original Message -----
> From: fhw...@gmail.com
> To: dev-security-policy@lists.mozilla.org
> Sent: Thursday, 25 September, 2014 7:39:33 PM
> Subject: Re: HSTS

> I'll address the DoS thing momentarily but first I'm curious if there's any
> data out there on how widely deployed HSTS currently is

About 2% of sites advertise HSTS, see
https://www.trustworthyinternet.org/ssl-pulse/

--
Regards,
Hubert Kario