[SSL Observatory] Perspectives on Convergence of EFF, EPIC, SSL, TOR, NSA, ET CETERA
Ralph Holz
holz at net.in.tum.de
Mon Nov 7 14:27:37 PST 2011
- Previous message: [SSL Observatory] Perspectives on Convergence of EFF, EPIC, SSL, TOR, NSA, ET CETERA
- Next message: [SSL Observatory] Perspectives on Convergence of EFF, EPIC, SSL, TOR, NSA, ET CETERA
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Hi,
>> The 650 number came from the number of distinct values for the "Organization"
>> field in the DN. We saw more than 1500 CA certificates, and around 1200
>> DNs.
>
> That's big. I hadn't previously read that "650" was an already
> stripped-down value.
Ah. That clears that up. Well done. It should also address Phillip's
concern, at least on a "coarser" level. A question that remains is how
many "O" strings actually semantically identify the same organisation,
and how many of these CA certs have been found to issue signatures.
@Peter, did you attempt to check for similarities in the "O" or "OU"
strings?
BTW, I just had a look at the Defcon slides again - EFF do mention "651
organisations" as opposed to 1,500+ CA certs. And to be clear, roughly
that latter number is "trustable" from the Mozilla or Windows root store.
Ralph
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 554 bytes
Desc: OpenPGP digital signature
URL: <http://lists.eff.org/pipermail/observatory/attachments/20111107/1e4a240e/attachment.sig>
- Previous message: [SSL Observatory] Perspectives on Convergence of EFF, EPIC, SSL, TOR, NSA, ET CETERA
- Next message: [SSL Observatory] Perspectives on Convergence of EFF, EPIC, SSL, TOR, NSA, ET CETERA
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the Observatory
mailing list