On Feb 21, 2011, at 12:54 PM, Adam Langley wrote:
I agree that forcing collateral damage is the key here. The current code generates 'random' certificates, but it's pretty easy to pattern match them and there's no collateral damage to doing so.
The thing that seems most correct to me, and most true, and is also likely to look like a lot of self-signed HTTPS hosts, is to just create a cert that looks like what a "good" self-signed cert would look like: a subject name that matches the host's internet-facing identity (IP and/or hostname), with reasonably common cryptographic parameters, and real-ish information in the fields like OU and so on (perhaps automatically culled from hostnames or Tor relay names or something).
As the Observatory shows, self-signed certificates outnumber CA-signed certificates. Fitting in with the self-signed world, of which those CPE things like printers and routers are just a subset, seems reasonable.
I don't know if it's possible to do better than to "just sort of look like a web server with a self-signed cert".