Hi, I've looked at hosts that send new certs frequently. That is to be distinguished from "CDN services" where a server farm sends a couple of certificates depending on DNS mapping or load balancer (thus the observer sees cert A, then B, ..., then A).

An example of a frequent issuer (i.e. observation timespans don't overlap, the cert's "not_before" roughly matches the first observation time): a sample of 29 certs sent by a single host in a 71-day period: http://constructibleuniverse.net/frequent_reissuers/frequent_reissuers.txt

The reason for frequent reissuing is probably that the above certs are used for some webserver farm (as witnessed by many SANs). I guess each time a new FQDN is added/removed from hosting, they issue a new cert - the ones I checked followed that add/remove SAN/CN pattern. Occasionally some get revoked, not sure what their criterion for revoking is.

There are around 200 such hosts I know of that get a new cert issued at least once every 4 days, on average (all having the same issuing CA). The issuing frequency might be a good lead for setting the DoS-protection limit of allowed protocol changes per time unit in the Sovereign Keys implementation (the original draft had 5 changes per month, IIRC).

One additional consideration for "pinning cert protocols" (DANE, Sovereign Keys, Auditable CAs, ...) is that such a frequent change must be reflected fast to relying clients. Shouldn't really be a problem, just a point to note.

-- On a side note: while the concept of frequent reissuing of certs may not be flawed per se, I have a weird feeling about it. Given the number of hosts in CNs and SANs, it might be easy for a human reviewer to miss what is changed (or they just have good tools to avoid that). Another possibility is that the process is automated, and only automated checks take effect. Any thoughts on how it actually works? (Their CPS is in French, so I couldn't read it.)

Side note 2: is there any resolution on how to handle multiple CNs in a certificate's Subject? The latest mention I found about multiple CNs was Dan Kaminsky's paper/talk (2008?) - basically every TLS implementation does something different. Why are multiple CNs present/allowed in the first place?

Thanks for bearing with me this far (sorry for my "compulsive writing" :-))

Ondrej
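As an added illustration (not part of the post above, nor taken from the linked data file), here is a small Python sketch of the two heuristics the post relies on: separating a frequent reissuer from CDN-style rotation by span overlap, re-appearing certs and "not_before" freshness, and measuring a host's peak change rate against a per-month budget like the 5 changes per month the post recalls from the Sovereign Keys draft. The observation records, the 2012 timeline and the one-day freshness slack are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

SK_DRAFT_LIMIT = 5  # changes per month in the Sovereign Keys draft, as the post recalls it

@dataclass
class Observation:
    cert_id: str          # stands in for a certificate fingerprint (constructed label)
    first_seen: datetime  # when the observer first saw this cert from the host
    last_seen: datetime   # when the observer last saw it
    not_before: datetime  # the certificate's notBefore field

def classify_host(observations, slack=timedelta(days=1)):
    """'reissuer': every cert is new, spans do not overlap and each notBefore lies
    within `slack` of its first sighting; 'rotation': a cert re-appears (A, B, A)
    or spans overlap, i.e. a farm serving several long-lived certs; 'stable': too
    few observations to say."""
    obs = sorted(observations, key=lambda o: o.first_seen)
    if len(obs) < 2:
        return "stable"
    ids = [o.cert_id for o in obs]
    repeated = len(set(ids)) < len(ids)
    overlapping = any(a.last_seen > b.first_seen for a, b in zip(obs, obs[1:]))
    fresh = all(abs(o.not_before - o.first_seen) <= slack for o in obs)
    return "reissuer" if not repeated and not overlapping and fresh else "rotation"

def peak_changes(observations, window=timedelta(days=30)):
    """Largest number of distinct certs first seen inside any sliding window;
    compare with a per-month budget to see whether a DoS limit would throttle
    a legitimate reissuer."""
    first = {}
    for o in sorted(observations, key=lambda o: o.first_seen):
        first.setdefault(o.cert_id, o.first_seen)  # earliest sighting per cert
    starts = sorted(first.values())
    return max((sum(1 for t in starts[i:] if t - t0 < window)
                for i, t0 in enumerate(starts)), default=0)

def _day(n):  # constructed timeline: day n of the observation period
    return datetime(2012, 1, 1) + timedelta(days=n)

# Constructed: a host getting a fresh cert every 3 days, used for 2 days each
REISSUER = [Observation(f"c{i}", _day(3 * i), _day(3 * i + 2), _day(3 * i)) for i in range(10)]
# Constructed: a farm alternating two old certs (A, B, A) over the same period
ROTATION = [Observation("A", _day(0), _day(30), _day(-100)),
            Observation("B", _day(1), _day(30), _day(-100)),
            Observation("A", _day(31), _day(60), _day(-100))]

if __name__ == "__main__":
    for name, obs in (("reissuer-like", REISSUER), ("rotation-like", ROTATION)):
        print(name, classify_host(obs), "peak/30d:", peak_changes(obs), "limit:", SK_DRAFT_LIMIT)
```

Run against real observation data, the reissuer-like hosts whose peak exceeds the budget are exactly the ones a too-tight rate limit would lock out.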
