[cabfpub] How old are publicly-trusted serverAuth certs when they are revoked?
rob.stradling at comodo.com
Fri Feb 17 22:53:53 UTC 2017
On 17/02/17 15:33, Tom Ritter wrote:
> <Puts on his asking for more hat>
> Can it be broken out by revocation reason?
Hi Tom. Good idea. I'll do that on Monday. I'm already storing the
revocation reasons on the crt.sh DB.
> (Or is revocation reason
> considered so worthless as for this not to be a useful exercise?)
Maybe we'll be able to answer that question on Monday. :-)
> On 17 February 2017 at 06:42, Rob Stradling via Public
> <public at cabforum.org> wrote:
>> I found this interesting, so I thought I'd share it. :-)
>> Yesterday I ran a query on the crt.sh database to gather data on...
>> ageWhenRevoked = trunc(revocationDate - notBefore)
>> Here are the results:
>> The data set includes all revoked, unexpired serverAuth certs for which
>> there's a known (to CT) serverAuth trust chain to any root cert that's
>> trusted by at least one of the major root programs (Microsoft, Mozilla,
>> Apple, Java).
>> There are some obviously bogus revocationDates in the data set (e.g., -920
>> days before the notBefore date!) However, if we assume that most
>> revocationDates in CRLs are accurate, these results show that, in general,
>> the likelihood of revocation decreases approximately logarithmically as a
>> certificate ages.
>> There are spikes around certificate birthdays, which are presumably due to
>> (i) revalidation failures and/or (ii) customers cancelling regular payment
>> Rob Stradling
>> Senior Research & Development Scientist
>> COMODO - Creating Trust Online
>> Public mailing list
>> Public at cabforum.org
Senior Research & Development Scientist
COMODO - Creating Trust Online
Office Tel: +44.(0)1274.730505
Office Fax: +44.(0)1274.730909
COMODO CA Limited, Registered in England No. 04058690
3rd Floor, 26 Office Village, Exchange Quay,
Trafford Road, Salford, Manchester M5 3EQ
This e-mail and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they are
addressed. If you have received this email in error please notify the
sender by replying to the e-mail containing this attachment. Replies to
this email may be monitored by COMODO for operational or business
reasons. Whilst every endeavour is taken to ensure that e-mails are free
from viruses, no liability can be accepted and the recipient is
requested to use their own virus checking software.
More information about the Public