On 22/09/16 18:48, Jakob Bohm wrote: <snip> > While you are at it: > > 1. How many WoSign/StartCom certificates did you find with domains not > on that IANA list?
Hi Jakob. I wasn't looking for this sort of thing, because Gerv was only interested in "unique base domains (PSL+1)". I think there were ~200 internationalized domain names amongst the certs issued by StartCom, of which about half have internationalized TLDs. I ignored all of these, on the assumption that the Punycode representation of each would also be in the cert. BTW, I also found certs containing the following public suffixes (i.e., PSL+0), some of which may be of interest: WoSign: cloudapp.net github.io qa2.com kuzbass.ru StartCom: astrakhan.ru chirurgiens-dentistes-en-france.fr (and *.chirurgiens-dentistes-en-france.fr) chita.ru (and *.chita.ru) duckdns.org goip.de gouv.ci gov.sc ivanovo.ru karelia.ru lipetsk.ru logoip.com logoip.de net.tj nsupdate.info realm.cz sandcats.io tsk.ru uem.mz > 2. How many WoSign/StartCom certificates did you find for other uses > than https://www.example.tld: > > 2.1 Certificates for "odd" subdomains such as "extranet.example.com" How do you algorithmically determine "odd" ? > 2.2 Certificates for e-mail > > 2.3 Code signing certificates > > 2.4 Others? I only looked for CNs, dNSNames and iPAddresses. Are these other types of cert of particular interest for some reason? -- Rob Stradling Senior Research & Development Scientist COMODO - Creating Trust Online _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy