On 22/1/09 22:37, Johnathan Nightingale wrote:
It's certainly possible to add sites, though as I said in the post, it's not my aim to be exhaustive. I just want to be thorough enough to be able to draw meaningful conclusions from the data.
That's fine by me. I don't think you can be exhaustive because a lot of sites are hidden.
Anecdotally and from memory of a few years back: securityspace used to report that Verisign had around 100k certs out there, but Verisign employees said that was a massive underestimate. Their public filings and some scratch calculations suggested they had around 400k certs issued, at the time.
Those numbers are unreliable, but may point to something like a dark cert space of 3 times the visible cert space. It would be good to have a better estimate.
Hence there is no point in being exhaustive; you can't measure what you can't see anyway.
iang -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
