Re: [TLS] Eleven out of every ten SSL certs aren't valid

Tim Dierks <tim@dierks.org> Tue, 29 June 2010 21:22 UTC

DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:from:date :x-google-sender-auth:message-id:subject:to:cc:content-type; b=IFXTPtTYl80Rf4ahYe4eBL6G/nidW6VFAF2R4mXOBAt5+nYQ/cnOhMb6bnadRP61vb V5yc5vrfr1+Nra+GMf8GeLsQEd2vWbSCIgZL+rMTXzY/j/0dPH9LGBPzeO8uu2u/g7Xa 1B82vK3WGZHs0rvEHEVdflXLbgTTX9z1dMByE=
MIME-Version: 1.0
Sender: tdierks@gmail.com
In-Reply-To: <AANLkTinCMFMW0VHjL3AyetcqGgrEtGsO1nSqyQS45lX8@mail.gmail.com>
References: <E1OTVaY-0004g3-OW@wintermute02.cs.auckland.ac.nz> <20100629163354.GR11785@oracle.com> <AANLkTim6sYWlPSRUwYHP4UfkUNkfiVQ7xbj28fF6fOmz@mail.gmail.com> <4C2A45C9.3010608@extendedsubset.com> <AANLkTinHVJGrnBl93qCfrrbHGlTP_yEMX8PMRduSIKgd@mail.gmail.com> <20100629203546.GW11785@oracle.com> <AANLkTinCMFMW0VHjL3AyetcqGgrEtGsO1nSqyQS45lX8@mail.gmail.com>
From: Tim Dierks <tim@dierks.org>
Date: Tue, 29 Jun 2010 17:21:53 -0400
Message-ID: <AANLkTikWtwMixaB2tFMoccz8UW9XZtR_9SAYw1cdeGZZ@mail.gmail.com>
To: Ivan Ristic <ivan.ristic@gmail.com>
Content-Type: multipart/alternative; boundary="0016e647568cbc5a7e048a31d413"
Cc: tls@ietf.org
Subject: Re: [TLS] Eleven out of every ten SSL certs aren't valid
Precedence: list

On Tue, Jun 29, 2010 at 5:18 PM, Ivan Ristic <ivan.ristic@gmail.com> wrote:

> Nico, forgive me for not answering your questions, but I don't have
> enough time to give them justice.
>
> In brief, I am not demanding nor proposing anything. I am just
> measuring. If you can think of a better way to measure things, I will
> be all ears.
>

I would suggest you crawl the web for invalid links (https links that point
to servers with invalid certificates), or find SSL servers which are not
available at the DNS servers named in their certificates.

 - Tim

Re: [TLS] Eleven out of every ten SSL certs aren'… aerowolf
[TLS] Eleven out of every ten SSL certs aren't va… Peter Gutmann
Re: [TLS] Eleven out of every ten SSL certs aren'… Ivan Ristic
Re: [TLS] Eleven out of every ten SSL certs aren'… Ivan Ristic
Re: [TLS] Eleven out of every ten SSL certs aren'… Martin Rex
Re: [TLS] Eleven out of every ten SSL certs aren'… Adam Langley
Re: [TLS] Eleven out of every ten SSL certs aren'… Ivan Ristic
Re: [TLS] Eleven out of every ten SSL certs aren'… Tim Dierks
Re: [TLS] Eleven out of every ten SSL certs aren'… Martin Rex
Re: [TLS] Eleven out of every ten SSL certs aren'… Blumenthal, Uri - 0668 - MITLL
Re: [TLS] Eleven out of every ten SSL certs aren'… Rob P Williams
Re: [TLS] Eleven out of every ten SSL certs aren'… Ivan Ristic
Re: [TLS] Eleven out of every ten SSL certs aren'… Ivan Ristic
Re: [TLS] Eleven out of every ten SSL certs aren'… Joshua Davies
Re: [TLS] Eleven out of every ten SSL certs aren'… Yoav Nir
Re: [TLS] Eleven out of every ten SSL certs aren'… aerowolf
Re: [TLS] Eleven out of every ten SSL certs aren'… Rob P Williams
Re: [TLS] Eleven out of every ten SSL certs aren'… Nikos Mavrogiannopoulos
Re: [TLS] Eleven out of every ten SSL certs aren'… Bill Daskaluk
Re: [TLS] Eleven out of every ten SSL certs aren'… Tim Dierks
Re: [TLS] Eleven out of every ten SSL certs aren'… Nicolas Williams
Re: [TLS] Eleven out of every ten SSL certs aren'… Ivan Ristic
Re: [TLS] Eleven out of every ten SSL certs aren'… Ivan Ristic
Re: [TLS] Eleven out of every ten SSL certs aren'… Marsh Ray
Re: [TLS] Eleven out of every ten SSL certs aren'… Nicolas Williams
Re: [TLS] Eleven out of every ten SSL certs aren'… Ivan Ristic
Re: [TLS] Eleven out of every ten SSL certs aren'… Ivan Ristic
Re: [TLS] Eleven out of every ten SSL certs aren'… Nicolas Williams
Re: [TLS] Eleven out of every ten SSL certs aren'… Nicolas Williams
Re: [TLS] Eleven out of every ten SSL certs aren'… Tim Dierks
Re: [TLS] Eleven out of every ten SSL certs aren'… Ivan Ristic
Re: [TLS] Eleven out of every ten SSL certs aren'… Tim Dierks
Re: [TLS] Eleven out of every ten SSL certs aren'… Nicolas Williams
Re: [TLS] Eleven out of every ten SSL certs aren'… Ivan Ristic
Re: [TLS] Eleven out of every ten SSL certs aren'… Marsh Ray
Re: [TLS] Eleven out of every ten SSL certs aren'… Ivan Ristic
Re: [TLS] Eleven out of every ten SSL certs aren'… Marsh Ray
Re: [TLS] Eleven out of every ten SSL certs aren'… aerowolf
Re: [TLS] Eleven out of every ten SSL certs aren'… Jeffrey A. Williams
Re: [TLS] Eleven out of every ten SSL certs aren'… Bruno Harbulot
Re: [TLS] Eleven out of every ten SSL certs aren'… Bill Frantz
Re: [TLS] Eleven out of every ten SSL certs aren'… Nicolas Williams
Re: [TLS] Eleven out of every ten SSL certs aren'… Ivan Ristic
Re: [TLS] Eleven out of every ten SSL certs aren'… Ivan Ristic
Re: [TLS] Eleven out of every ten SSL certs aren'… Bruno Harbulot
Re: [TLS] Eleven out of every ten SSL certs aren'… Peter Gutmann
Re: [TLS] Eleven out of every ten SSL certs aren'… Peter Gutmann
Re: [TLS] Eleven out of every ten SSL certs aren'… Marsh Ray
Re: [TLS] Eleven out of every ten SSL certs aren'… Ivan Ristic
Re: [TLS] Eleven out of every ten SSL certs aren'… Florian Weimer
Re: [TLS] Eleven out of every ten SSL certs aren'… Peter Gutmann
Re: [TLS] Eleven out of every ten SSL certs aren'… Bruno Harbulot
Re: [TLS] Eleven out of every ten SSL certs aren'… Blumenthal, Uri - 0668 - MITLL
Re: [TLS] Eleven out of every ten SSL certs aren'… Martin Rex
Re: [TLS] Eleven out of every ten SSL certs aren'… Steffen Schulz
Re: [TLS] Eleven out of every ten SSL certs aren'… Nicolas Williams
Re: [TLS] Eleven out of every ten SSL certs aren'… Martin Rex
Re: [TLS] Eleven out of every ten SSL certs aren'… aerowolf
Re: [TLS] Eleven out of every ten SSL certs aren'… aerowolf
Re: [TLS] Eleven out of every ten SSL certs aren'… Marsh Ray
Re: [TLS] Eleven out of every ten SSL certs aren'… Nicolas Williams
Re: [TLS] Eleven out of every ten SSL certs aren'… Seth David Schoen
Re: [TLS] Eleven out of every ten SSL certs aren'… Nicolas Williams
Re: [TLS] Eleven out of every ten SSL certs aren'… Martin Rex
Re: [TLS] Eleven out of every ten SSL certs aren'… Martin Rex
Re: [TLS] Eleven out of every ten SSL certs aren'… =JeffH
Re: [TLS] Eleven out of every ten SSL certs aren'… Peter Gutmann
Re: [TLS] Eleven out of every ten SSL certs aren'… Peter Gutmann
Re: [TLS] Eleven out of every ten SSL certs aren'… Peter Gutmann
Re: [TLS] Eleven out of every ten SSL certs aren'… Steingruebl, Andy
Re: [TLS] Eleven out of every ten SSL certs aren'… Peter Gutmann
Re: [TLS] Eleven out of every ten SSL certs aren'… Steingruebl, Andy
[TLS] TLS, PKI, and web security. Was: Eleven out… Marsh Ray
Re: [TLS] Eleven out of every ten SSL certs aren'… Peter Gutmann
Re: [TLS] TLS, PKI, and web security. Was: Eleven… Peter Gutmann
Re: [TLS] TLS, PKI, and web security. Was: Eleven… Marsh Ray
Re: [TLS] TLS, PKI, and web security. Was: Eleven… Robert Relyea
Re: [TLS] TLS, PKI, and web security. Was: Eleven… Bruno Harbulot
Re: [TLS] TLS, PKI, Martin Rex
Re: [TLS] TLS, PKI, Robert Relyea
Re: [TLS] TLS, PKI, Marsh Ray
Re: [TLS] TLS, PKI, Martin Rex
Re: [TLS] TLS, PKI, Peter Gutmann
Re: [TLS] TLS, PKI, Peter Gutmann
Re: [TLS] TLS, PKI, Marsh Ray
Re: [TLS] TLS, PKI, Bruno Harbulot
Re: [TLS] TLS, PKI, Peter Gutmann
Re: [TLS] TLS, PKI, Yoav Nir
Re: [TLS] TLS, PKI, Yoav Nir
Re: [TLS] TLS, PKI, Peter Gutmann
Re: [TLS] TLS, PKI, Peter Gutmann
Re: [TLS] TLS, PKI, Bruno Harbulot
Re: [TLS] TLS, PKI, Robert Relyea
Re: [TLS] TLS, PKI, Marsh Ray
Re: [TLS] TLS, PKI, Martin Rex
Re: [TLS] TLS, PKI, Steingruebl, Andy
Re: [TLS] TLS, PKI, Kyle Hamilton
Re: [TLS] TLS, PKI, Marsh Ray
Re: [TLS] TLS, PKI, Peter Gutmann
Re: [TLS] TLS, PKI, Bruno Harbulot
Re: [TLS] TLS, PKI, and web security. Was: Eleven… Peter Gutmann
Re: [TLS] TLS, PKI, and web security. Was: Eleven… Marsh Ray
Re: [TLS] TLS, PKI, and web security. Was: Eleven… Peter Gutmann
Re: [TLS] TLS, PKI, and web security. Was: Eleven… Ralph Holz
Re: [TLS] TLS, PKI, and web security. Was: Eleven… Yoav Nir
Re: [TLS] TLS, PKI, and web security. Was: Eleven… Nasko Oskov
Re: [TLS] TLS, PKI, Martin Rex
Re: [TLS] TLS, PKI, Martin Rex
Re: [TLS] TLS, PKI, Peter Gutmann
Re: [TLS] TLS, PKI, and web security. Was: Eleven… Kyle Hamilton