[certid] weird CN-IDs (subjectCommonName) in SSL Labs Survey Data

=JeffH <Jeff.Hodges@KingsMountain.com> Sun, 17 October 2010 04:39 UTC

 >> all 867361 have a "CN=" in the subject name (CN-ID).
 >
 > I'd be curious how many have Common Names that are intended to be DNS
 > domain names like "www.example.com" and how many have plain old names
 > like "Example Systems, Inc.".

Ok, I extracted all CN-IDs (subjectCommonName) in SSL Labs Survey Data, hacked 
up a regex, wrapped it with some perl, and found there are 1151 "weird" CN-ID 
values in the data (0.13%). These are string values that don't match a regex 
describing an optional-whitespace-wrapped LDH (Letter-Digit-Hyphen) domain name 
(note that an IDN won't match this (one's included below)).

Some examples highlighting the variety of types I observe when browsing the 
"weird" CN-ID values are below. Note that I didn't try verifying this data (e.g. 
by checking that the subjectCommonName column matched the CN attribute's value 
in the subject column in the dbase table, nor by going and querying the servers 
and verifying the cert returned matches the dbase entries).

=JeffH


  ALL IN ONE services.acheckamerica.com suite.agile1.com www.etimeentry.com ALL 
IN ONE

  iNDivia.net Net Services

  incelis Inc.

  intranet.zsi.at bibliothek.intranet.zsi.at webmail.intranet.zsi.at 
wiki.intranet.zsi.at ztools.intranet.zsi.at 


  HTTP TLS/SSL Certificate

self-signed Marty Ledgerwood www.southvalleywealth.org rsa-key 5418825488 
0162022008002919 68.185.19.85

  Exchange Wildcard

  *.bluevalleyk12.org schoolcenter.bluevalleyk12.org www.bluevalleyk12.org

  (www|zeus).asap-solution.com


  193.46.210.226 serveco-ua.com


  thenamelessdomain Server Certificate


  www.نستضيف-لكم.com


  Yandex Serp


  PACKAGING TAPE www.airmovers.com www.carpetextractors.com www.cleanfreak.com 
www.floorbuffers.com www.floorscrubbers.com www.packagingtapeinc.com 
www.ptipackaging.com PACKAGING TAPE 


  Yandex Tiny Corba Services

  www.cebbank.com+2.5.4.5=#130f313030303030303030303131373438

THE INTERNATIONAL SOCIETY FOR TRAUMATIC STRESS STUDIES istss.info istss.org 
www.istss.org THE INTERNATIONAL SOCIETY FOR TRAUMATIC STRESS STUDIES

ownitsch.de HTTPS Certificate
 
\x00*\x00.\x00p\x00s\x00e\x00a\x00l\x00o\x00c\x00a\x00l\x00s\x00.\x00o\x00r\x00g

SOCIETY OF VERTEBRATE PALEONTOLOGY vertpaleo.info vertpaleo.org 
www.vertpaleo.org SOCIETY OF VERTEBRATE PALEONTOLOGY

NET LOGISTICS PTY. LTD. secure.netlogistics.com.au www.netlogistics.com.au 
www.turboservers.com.au NET LOGISTICS PTY. LTD.

  PLATINUM ACQUISITIONS www.4closureprofits.com www.4closures4profit.com 
www.4ecloser.com www.bestdealsonforeclosures.com 
www.bspeaksforeclosesureinvest.com www.easyforeclosurefortune.com 
www.easyforeclosureinvestingsecretsrevealed.com 
www.easyforeclosurestrategies.com www.easystreetforeclosureinvesting.com 
www.estatereposite.com www.fastcashforeclosures.com 
www.forecloserinvestment101.com www.foreclosesimpleinvest.com 
www.foreclosure-investoptions.com www.foreclosurebeyond.com 
www.foreclosurecashsecrets.com www.foreclosurecottage.com 
www.foreclosureforprofits.com www.foreclosureinformations.com 
www.foreclosureinvestingforyou.com www.foreclosureinvestor5000.com 
www.foreclosurepatriot.com www.foreclosureprosperity.com www.foreclosureque.com 
www.foreclosurerewards.com www.foreclosures-pal.com www.foreclosures4agrand.com 
www.foreclosureuniversal.com www.foxforeclosureinvesting.com 
www.freesimpleforeclosure.com www.grandforeclosureinvesting.com 
www.homesforeclosuresale.com www.hugeforclosureprofit.com 
www.investforclosure.com www.investinforeclosurestoday.com 
www.investinginewforeclosures.com www.investinginfoforeclosures.com 
www.investingnforclosures.com www.investingwithforeclosures.com 
www.newforeclosureinfo.com www.newsecretforeclosures4less.com 
www.power-fore-closures.com www.profitfromforeclosure.com 
www.reclaimproperties.com www.riskfreeforeclosurefortunes.com 
www.seforclosures.com www.simple4closureinvesting.com 
www.simpleforeclosureinvest.com www.topforeclosuredata.com 
www.unlockthevaultforeclosers.com www.winwininforeclosures.com PLATINUM 
ACQUISITIONS 


---
end
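
An added example, not part of the original message and not the Perl script it mentions: a Python sketch of the CN-ID classification described above. The LDH regex and the category names are assumptions (the post does not show its regex), and the sketch goes beyond a single match/no-match test by reporting why a value fails.

```python
import ipaddress
import re

# Assumed LDH pattern (the post does not show its regex): two or more
# dot-separated labels of letters, digits and hyphens, 1-63 chars each,
# no leading or trailing hyphen, wrapped in optional whitespace.
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
LDH_NAME = re.compile(rf"\s*{LABEL}(?:\.{LABEL})+\s*\Z")

def classify_cn(cn: str) -> str:
    """Return 'ldh-domain', or a reason the CN value counts as 'weird'."""
    if "\x00" in cn:
        return "embedded-nul"        # e.g. UTF-16 bytes read as 8-bit text
    if not cn.isascii():
        return "non-ascii"           # unencoded IDN label, not LDH
    tokens = cn.split()
    if len(tokens) > 1:
        return "multiple-tokens"     # several names or free text in one CN
    if not tokens:
        return "empty"
    token = tokens[0]
    try:
        ipaddress.ip_address(token)  # checked first: digits alone are LDH
        return "ip-address"
    except ValueError:
        pass
    if token.startswith("*.") and LDH_NAME.match(token[2:]):
        return "wildcard"
    return "ldh-domain" if LDH_NAME.match(cn) else "other-syntax"

# Values quoted in the post, plus www.example.com variants (constructed).
SAMPLES = [
    "www.example.com", "  www.example.com ",
    "incelis Inc.", "(www|zeus).asap-solution.com",
    "193.46.210.226 serveco-ua.com", "www.نستضيف-لكم.com",
    "www.cebbank.com+2.5.4.5=#130f313030303030303030303131373438",
    # Constructed: UTF-16BE bytes decoded as 8-bit text, giving embedded NULs.
    "*.psealocals.org".encode("utf-16-be").decode("latin-1"),
]

def weird_report(values):
    """Map each non-LDH value to the reason it failed."""
    report = {}
    for value in values:
        reason = classify_cn(value)
        if reason != "ldh-domain":
            report[value] = reason
    return report
```
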