On 22/09/16 18:48, Jakob Bohm wrote:
<snip>
> While you are at it:
> 
> 1. How many WoSign/StartCom certificates did you find with domains not
>   on that IANA list?

Hi Jakob.  I wasn't looking for this sort of thing, because Gerv was
only interested in "unique base domains (PSL+1)".

I think there were ~200 internationalized domain names amongst the certs
issued by StartCom, of which about half have internationalized TLDs.  I
ignored all of these, on the assumption that the Punycode representation
of each would also be in the cert.

BTW, I also found certs containing the following public suffixes (i.e.,
PSL+0), some of which may be of interest:

WoSign:
cloudapp.net
github.io
qa2.com
kuzbass.ru

StartCom:
astrakhan.ru
chirurgiens-dentistes-en-france.fr
(and *.chirurgiens-dentistes-en-france.fr)
chita.ru
(and *.chita.ru)
duckdns.org
goip.de
gouv.ci
gov.sc
ivanovo.ru
karelia.ru
lipetsk.ru
logoip.com
logoip.de
net.tj
nsupdate.info
realm.cz
sandcats.io
tsk.ru
uem.mz

> 2. How many WoSign/StartCom certificates did you find for other uses
>   than https://www.example.tld:
> 
> 2.1 Certificates for "odd" subdomains such as "extranet.example.com"

How do you algorithmically determine "odd" ?

> 2.2 Certificates for e-mail
> 
> 2.3 Code signing certificates
> 
> 2.4 Others?

I only looked for CNs, dNSNames and iPAddresses.  Are these other types
of cert of particular interest for some reason?

-- 
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy

Reply via email to