[cabfpub] Possible CAB Forum objection to some gTLD applications
BTrzupek at trustwave.com
Sat Jun 30 00:20:11 UTC 2012
Geoff - this IS very interesting data. What was the size of the data set to start?
Sent from my iPhone
On Jun 29, 2012, at 4:12 PM, "Geoff Keating" <geoffk at apple.com> wrote:
> I ran some queries against my database of certificates. There were 385 domains for which I saw at least one certificate with a DNS name whose last component was in the list of 1300 new gTLD names. There were 215 domains with a certificate where the domain name had more than one component (eg 'autodiscover.active' rather than just 'active').
> These results included all certificates, including self-signed and expired. Self-signed certificates are still affected because if a trusted CA issues autodiscover.active, it'll allow a man-in-the-middle attack against a self-signed autodiscover.active.
> What I found surprising was the most popular name. I had for sure expected something like 'corp' or 'exchange'. It actually turns out that the most popular, by a huge margin, is 'box':
> box 129973 (associated with 26164 certificates, almost all self-signed)
> mail 7530 (of which almost all are just 'mail')
> exchange 4881 (of which almost all are just 'exchange')
> corp 3891
> office 492
> The full list, counted by DNS names (so two certificates each containing 'mail' and 'www.mail' total to 4), is this:
> I also made a list of the number of unexpired trusted certificates in each proposed TLD, containing more than one component. These are the certificates that would likely need to be revoked, if they haven't been already. Here '.corp' is the most popular:
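The inventory Geoff describes above (dNSName entries whose last label is an applied-for gTLD, counted per name, split into bare and multi-component names, and narrowed to unexpired trusted certificates that would need revocation) can be reproduced against any certificate store. The following is an added example, not code from the thread or from Apple; the gTLD subset and the certificate records are constructed sample data, the field names are assumptions, and a real run would load the full applied-for string list and the certificates' SAN entries from the store being audited.

```python
from collections import Counter
from datetime import datetime, timezone

# Constructed subset of the applied-for gTLD strings (assumption: the real
# list referred to in the post has about 1300 entries; only a few appear here).
NEW_GTLDS = {"box", "mail", "exchange", "corp", "office", "active"}

# Date of the post, used as "now" when deciding whether a certificate is expired.
REFERENCE_DATE = datetime(2012, 6, 29, tzinfo=timezone.utc)

# Constructed sample certificates (hypothetical data, not from the post).
# Each record carries the dNSName SAN entries, whether the certificate chains
# to a publicly trusted root (False covers self-signed and private-CA certs),
# and its notAfter date.
SAMPLE_CERTS = [
    {"dns_names": ["mail", "www.mail"], "trusted": False,
     "not_after": datetime(2030, 1, 1, tzinfo=timezone.utc)},
    {"dns_names": ["mail"], "trusted": False,
     "not_after": datetime(2030, 1, 1, tzinfo=timezone.utc)},
    {"dns_names": ["autodiscover.active", "active"], "trusted": True,
     "not_after": datetime(2030, 1, 1, tzinfo=timezone.utc)},
    {"dns_names": ["exchange.corp", "mail.corp"], "trusted": True,
     "not_after": datetime(2011, 1, 1, tzinfo=timezone.utc)},   # already expired
    {"dns_names": ["box"], "trusted": False,
     "not_after": datetime(2030, 1, 1, tzinfo=timezone.utc)},
    {"dns_names": ["www.example.com"], "trusted": True,
     "not_after": datetime(2030, 1, 1, tzinfo=timezone.utc)},   # public name, unaffected
]


def normalize(name):
    """Lower-case a dNSName and drop a trailing dot so 'MAIL.' and 'mail' compare equal."""
    return name.strip().lower().rstrip(".")


def last_label(name):
    """Return the rightmost label, i.e. the would-be TLD of an internal name."""
    return normalize(name).split(".")[-1]


def is_multi_component(name):
    """True for 'autodiscover.active', False for a bare 'active'."""
    return "." in normalize(name)


def colliding_tld(name):
    """Return the proposed gTLD this name would fall under, or None if unaffected."""
    tld = last_label(name)
    return tld if tld in NEW_GTLDS else None


def names_per_tld(certs):
    """Count dNSName occurrences per proposed gTLD. A name is counted once per
    certificate it appears in, matching the post's counting convention."""
    counts = Counter()
    for cert in certs:
        for name in cert["dns_names"]:
            tld = colliding_tld(name)
            if tld:
                counts[tld] += 1
    return counts


def distinct_names_per_tld(certs, multi_component_only=False):
    """Count distinct affected names per proposed gTLD, optionally restricted
    to names with more than one component."""
    seen = {}
    for cert in certs:
        for name in cert["dns_names"]:
            tld = colliding_tld(name)
            if tld and (not multi_component_only or is_multi_component(name)):
                seen.setdefault(tld, set()).add(normalize(name))
    return Counter({tld: len(names) for tld, names in seen.items()})


def revocation_candidates(certs, now):
    """Unexpired, publicly trusted certificates carrying a multi-component name
    under a proposed gTLD: the population the post says would need revoking,
    since such a certificate would be accepted in place of an internal host's
    self-signed one once the TLD resolves publicly."""
    counts = Counter()
    for cert in certs:
        if not cert["trusted"] or cert["not_after"] <= now:
            continue
        tlds = {colliding_tld(n) for n in cert["dns_names"]
                if is_multi_component(n) and colliding_tld(n)}
        for tld in tlds:
            counts[tld] += 1
    return counts


if __name__ == "__main__":
    print("names per TLD:    ", dict(names_per_tld(SAMPLE_CERTS)))
    print("distinct names:   ", dict(distinct_names_per_tld(SAMPLE_CERTS)))
    print("multi-component:  ", dict(distinct_names_per_tld(SAMPLE_CERTS, True)))
    print("revocation needed:", dict(revocation_candidates(SAMPLE_CERTS, REFERENCE_DATE)))
```

Self-signed and expired certificates are deliberately kept in the first three counts, as in the post, because they show where the internal names are deployed; only the revocation count filters on trust and validity, since that is the set a public CA has to act on.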