[SSL Observatory] More recent observatory data ? DigiNotar.nl ?
Ralph Holz
holz at net.in.tum.de
Mon Sep 5 09:53:50 PDT 2011
Hi,
On 09/02/2011 10:09 PM, =JeffH wrote:
> What's the most recent data you have available?
>
> Have you done any poking about your data from the last 2..3 months of
> 2011 to see if there's any forged/fraudulent certs issued by
> DigiNotar.nl in there ?
We have some recent data from a scan of the Alexa Top1M, and some from a
monitoring run we conducted here at a regional ISP here in Munich in
April 2011.
The scan (conducted from Munich, too) found ILIKE '%DigiNotar%' as
issuer in certs on 61 hosts, and 55 hosts for '%Overheid%' (might have
overlap, and I did not identify the issuer very precisely) [1].
The monitoring run yielded 23 occasions where DigiNotar-issued certs
were found in the chains, and 25 for Overheid. [2] As monitoring tends
to detect better what users actually do use (as opposed to what's
deployed), DigiNotar seems not to have been a large player, ever.
Of course, what I would love to do is scan from Iran... (we did scan
from China and a few other places once, but it was not too exciting).
[1] http://www.meleeisland.de/diginotar_scan_hosts_jul2011.csv
[2] We're subject to strict privacy laws here, and I am not sure if
giving you the subjects and CNs would be a violation - but they were all
.nl.
Regards,
Ralph
--
Dipl.-Inform. Ralph Holz
I8: Network Architectures and Services
Technische Universität München
http://www.net.in.tum.de/de/mitarbeiter/holz/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: OpenPGP digital signature
URL: <http://lists.eff.org/pipermail/observatory/attachments/20110905/b8eb0fe1/attachment.sig>
More information about the Observatory
mailing list