IETF Logo Mail Archive

Re: [certid] open issue: wildcards in component fragments

"Jeffrey A. Williams" <jwkckid1@ix.netcom.com> Tue, 12 October 2010 19:28 UTC

Return-Path: <jwkckid1@ix.netcom.com>
X-Original-To: certid@core3.amsl.com
Delivered-To: certid@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 5B8073A69E9 for <certid@core3.amsl.com>; Tue, 12 Oct 2010 12:28:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.702
X-Spam-Level:
X-Spam-Status: No, score=-1.702 tagged_above=-999 required=5 tests=[AWL=0.897, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id o7lAsdRJstOW for <certid@core3.amsl.com>; Tue, 12 Oct 2010 12:28:46 -0700 (PDT)
Received: from elasmtp-curtail.atl.sa.earthlink.net (elasmtp-curtail.atl.sa.earthlink.net [209.86.89.64]) by core3.amsl.com (Postfix) with ESMTP id D71E83A6A4F for <certid@ietf.org>; Tue, 12 Oct 2010 12:28:45 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=dk20050327; d=ix.netcom.com; b=nYuABfuEElaoJMciXUaF+eJPPU0E7z8LgwDqwFQJ1LbMpD8uIkFUhHN/kKfp1S7q; h=Message-ID:Date:From:Reply-To:To:Subject:Mime-Version:Content-Type:Content-Transfer-Encoding:X-Mailer:X-ELNK-Trace:X-Originating-IP;
Received: from [209.86.224.36] (helo=elwamui-hybrid.atl.sa.earthlink.net) by elasmtp-curtail.atl.sa.earthlink.net with esmtpa (Exim 4.67) (envelope-from <jwkckid1@ix.netcom.com>) id 1P5kXw-0000qU-El for certid@ietf.org; Tue, 12 Oct 2010 15:30:00 -0400
Received: from 99.93.224.206 by webmail.earthlink.net with HTTP; Tue, 12 Oct 2010 15:30:00 -0400
Message-ID: <15609755.1286911800356.JavaMail.root@elwamui-hybrid.atl.sa.earthlink.net>
Date: Tue, 12 Oct 2010 14:30:00 -0500 (GMT-05:00)
From: "Jeffrey A. Williams" <jwkckid1@ix.netcom.com>
To: certid@ietf.org
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-Mailer: EarthLink Zoo Mail 1.0
X-ELNK-Trace: c8e3929e1e9c87a874cfc7ce3b1ad11381c87f5e51960688145120d3ad1e44ed14b153846b1ed016350badd9bab72f9c350badd9bab72f9c350badd9bab72f9c
X-Originating-IP: 209.86.224.36
Subject: Re: [certid] open issue: wildcards in component fragments
X-BeenThere: certid@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: "Jeffrey A. Williams" <jwkckid1@ix.netcom.com>
List-Id: Representation and verification of identity in certificates <certid.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/certid>, <mailto:certid-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/certid>
List-Post: <mailto:certid@ietf.org>
List-Help: <mailto:certid-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/certid>, <mailto:certid-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Oct 2010 19:28:47 -0000

Joe and all,

  I concur.  


-----Original Message-----
>From: Joe Orton <jorton@redhat.com>
>Sent: Oct 12, 2010 5:00 AM
>To: certid@ietf.org
>Subject: Re: [certid] open issue: wildcards in component fragments
>
>On Mon, Oct 11, 2010 at 12:43:29PM -0600, Peter Saint-Andre wrote:
>> Speaking of which, someone contacted Jeff and me off-list about some
>> research results showing that of a very large number of certificates
>> presented by TLS-protected websites, less than 0.01% contain wildcards
>> in component fragments. Given that minuscule level of deployment, I
>> don't see good reasons to spend more cycles on the topic.
>
>The relative number of certs is less relevant than how widely those 
>certs are used, surely.  I checked the "top 1m sites" database from:
>
>http://blog.johnath.com/2009/01/21/ssl-information-wants-to-be-free/
>
>- 382860 total sites (hostnames) returned a cert
>- 94438 of total sites used a wildcard cert (24%)
>- 5% of total sites use the wildcard cert with CN=*.blogger.com
>   ... other blogging/mass-hosting sites similarly high usage
>
>Only a handful (5) use the "f*.example.com" form; all those were certs 
>issued by the GoDaddy and starfieldtech.com CAs.
>
>I support Martin's arguments that the "f*.example.com" form specified in 
>RFC 2818 should be supported.
>
>Regards, Joe
>_______________________________________________
>certid mailing list
>certid@ietf.org
>https://www.ietf.org/mailman/listinfo/certid

Regards,
Jeffrey A. Williams
"Obedience of the law is the greatest freedom" -
   Abraham Lincoln

"Credit should go with the performance of duty and not with what is very
often the accident of glory" - Theodore Roosevelt

"If the probability be called P; the injury, L; and the burden, B; liability
depends upon whether B is less than L multiplied by
P: i.e., whether B is less than PL."
United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947]
===============================================================
Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS. div. of
Information Network Eng.  INEG. INC.
ABA member in good standing member ID 01257402 E-Mail jwkckid1@ix.netcom.com
Phone: 214-244-4827

v2.8.7 | Report a Bug | By Email