On Wed, Oct 6, 2010 at 11:04 AM, Kurt Seifried <k...@seifried.org> wrote: >> Thanks for the information, Kurt (and indirectly, Eddy). I would like >> to be accurate on this point and correct the story as necessary, but I >> need help in ensuring I have the right information and understand what >> it means, first. > > Where did you get you numbers exactly?
I detailed where I got the numbers in the original story: http://news.cnet.com/8301-30685_3-20018437-264.html But to reiterate, the 0.05% figure I got from Adam Langley's blog post, with the relevant quotation in the story and quoted in my earlier e-mail. The Web site total I got from NetCraft's September survey (http://news.netcraft.com/archives/category/web-server-survey/). The multiplication I did all by myself. I've now located the blacklist file, which at present has 661 sites blacklisted, so I suspect you guys are right on that basis, too. My guess is that Langley's blog post was unclear, at least to the non-expert reader (me). Blacklist site: http://www.google.com/codesearch/p?vert=chromium#OAMlx_jo-ck/src/net/base/ssl_false_start_blacklist.txt > Valid cert chain = signed certificate from a trusted root > (Verisign/etc.). SSL handshake = some SSL certificate (self signed, > internal CA, or external CA like Verisign/etc.). Thanks for that explanation--that helps. sts -- stephen.shankl...@cbs.com UK number: +44 (0)7538-841668 US number: +1 650-353-7878 http://news.cnet.com/deep-tech Twitter/Skype: stshank -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
