Re: [certid] weird CN-IDs (subjectCommonName) in SSL Labs Survey Data

=JeffH <Jeff.Hodges@KingsMountain.com> Wed, 20 October 2010 16:00 UTC

Message-ID: <4CBF125C.6010704@KingsMountain.com>
Date: Wed, 20 Oct 2010 09:01:32 -0700
From: =JeffH <Jeff.Hodges@KingsMountain.com>
User-Agent: Thunderbird 2.0.0.24 (X11/20100411)
MIME-Version: 1.0
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>, IETF cert-based identity <certid@ietf.org>
Subject: Re: [certid] weird CN-IDs (subjectCommonName) in SSL Labs Survey Data

 >>ALL IN ONE services.acheckamerica.com suite.agile1.com www.etimeentry.com ALL
 >>IN ONE
 >
 > Duplicate instances of the same AVA at both ends of the DN (I'd like to see
 > that go in an LDAP directory!).
 >
 >>intranet.zsi.at bibliothek.intranet.zsi.at webmail.intranet.zsi.at
 >>wiki.intranet.zsi.at ztools.intranet.zsi.at
 >
 > This contains a DN with components thrown together in more or less arbitrary
 > order, again with CNs at both the start and end of the DN.
 >
 >>PACKAGING TAPE www.airmovers.com www.carpetextractors.com www.cleanfreak.com
 >>www.floorbuffers.com www.floorscrubbers.com www.packagingtapeinc.com
 >>www.ptipackaging.com PACKAGING TAPE
 >
 > Another double-ended DN with all sorts of bizarro (non-CN) components all over
 > it.
 >
<snip/>

Yes, those are "odd", and as previously noted, the strings you're quoting above 
are comprised of extracted & concatenated-with-space-separators CN values that 
Ivan "smooshed" all together into one column ("subjectCommonName") in his 
database table.

[If folks want to poke at the data themselves, request it from Ivan
http://www.ietf.org/mail-archive/web/certid/current/msg00484.html ]


fyi/fwiw, I count 946 certs in the dbase with more than one "CN" AVA in the 
subject DN, out of a total of 867361, so << 1%.

WRT "Duplicate instances of the same AVA at both ends of the DN...", perhaps 
RobS can provide some rationale for this practice?

Yes, they obviously aren't backing their CA databases with an X.500-based 
directory. I suspect hardly anyone (or even no-one) does so.


=JeffH
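An added example to go with the message above. It is my own code, not Ivan's survey tooling and not anything posted to the certid list: a minimal DER encoder/decoder for an X.509 subject Name (no third-party libraries), a counter for CN AVAs in a DN, a check for the "same AVA at both ends" pattern Peter describes, and the "smoosh" of CN values into one space-joined column. The CN values are the ones quoted in the thread; the O and C attributes, their placement in the DN, the "Example Org" value and all function names are assumptions, since the list only shows the CN column and not the full DN.

```python
# Added example for this thread: hand-rolled DER for an X.509 Name, a CN
# counter, and the space-joined "subjectCommonName" column. Not from the
# survey database or the list; all names and the DN layout are assumed.
from typing import List, Tuple

AVA = Tuple[bytes, str]            # (DER-encoded OID, string value)

CN = bytes.fromhex("550403")       # id-at-commonName        2.5.4.3
O = bytes.fromhex("55040a")        # id-at-organizationName  2.5.4.10
C = bytes.fromhex("550406")        # id-at-countryName       2.5.4.6


def _tlv(tag: int, body: bytes) -> bytes:
    """DER tag-length-value with short or long-form definite length."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + body


def encode_name(avas: List[AVA]) -> bytes:
    """Name ::= SEQUENCE OF RDN; here every RDN is a SET of one
    AttributeTypeAndValue and every value is a UTF8String."""
    rdns = []
    for oid, value in avas:
        atv = _tlv(0x30, _tlv(0x06, oid) + _tlv(0x0C, value.encode("utf-8")))
        rdns.append(_tlv(0x31, atv))
    return _tlv(0x30, b"".join(rdns))


def _read_tlv(buf: bytes, pos: int) -> Tuple[int, bytes, int]:
    """Return (tag, body, position just after the element)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: next N bytes hold the length
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length


def decode_name(der: bytes) -> List[AVA]:
    """Walk SEQUENCE { SET { SEQUENCE { OID, value } } } and return the AVAs
    in DN order, so duplicates at either end are visible."""
    tag, body, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("Name must be a SEQUENCE")
    avas: List[AVA] = []
    pos = 0
    while pos < len(body):
        stag, rdn, pos = _read_tlv(body, pos)
        if stag != 0x31:
            raise ValueError("RDN must be a SET")
        rpos = 0
        while rpos < len(rdn):
            atag, atv, rpos = _read_tlv(rdn, rpos)
            if atag != 0x30:
                raise ValueError("AttributeTypeAndValue must be a SEQUENCE")
            _, oid, vpos = _read_tlv(atv, 0)
            vtag, val, _ = _read_tlv(atv, vpos)
            if vtag not in (0x0C, 0x13, 0x16):  # UTF8String, PrintableString, IA5String
                raise ValueError("unsupported string type 0x%02x" % vtag)
            avas.append((oid, val.decode("utf-8")))
    return avas


def common_names(der: bytes) -> List[str]:
    """Every CN value in the subject, in DN order (one DN can carry several)."""
    return [v for oid, v in decode_name(der) if oid == CN]


def smoosh(cns: List[str]) -> str:
    """The survey's subjectCommonName column: CN values joined by one space.
    A CN that itself contains spaces can no longer be told apart from two CNs."""
    return " ".join(cns)


def cn_at_both_ends(der: bytes) -> bool:
    """True when the first and last AVA are the same CN (the pattern Peter noted)."""
    avas = decode_name(der)
    return (len(avas) > 1 and avas[0][0] == CN and avas[-1][0] == CN
            and avas[0][1] == avas[-1][1])


def count_multi_cn(certs: List[bytes]) -> int:
    """How many subject Names carry more than one CN AVA."""
    return sum(1 for d in certs if len(common_names(d)) > 1)


# Constructed subject: CN values as quoted in the thread; O, C and their
# position are assumed, since only the CN column is visible on the list.
ALL_IN_ONE = encode_name([
    (CN, "ALL IN ONE"),
    (O, "Example Org"),
    (C, "US"),
    (CN, "services.acheckamerica.com"),
    (CN, "suite.agile1.com"),
    (CN, "www.etimeentry.com"),
    (CN, "ALL IN ONE"),
])
ORDINARY = encode_name([(C, "US"), (O, "Example Org"), (CN, "www.example.com")])

if __name__ == "__main__":
    col = smoosh(common_names(ALL_IN_ONE))
    print(col)
    print("CN AVAs:", len(common_names(ALL_IN_ONE)), "| tokens after split:", len(col.split()))
    print("same CN at both ends:", cn_at_both_ends(ALL_IN_ONE))
    print("multi-CN subjects:", count_multi_cn([ALL_IN_ONE, ORDINARY]))
```

Running it prints the same space-joined string quoted at the top of the thread; the subject has five CN AVAs but the column splits into nine tokens, which is why the column alone cannot tell "ALL IN ONE" apart from three separate CNs, and why a count like the 946-of-867361 figure has to be taken from the parsed DN rather than from the column.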