On Mon, Feb 21, 2011 at 1:36 PM, Nick Mathewson nickm@freehaven.net wrote:
Aha. Let's see if I have the tor-dev address right at long long last. Apologies to Peter, who will have received more than one copy of this already.
I did a quick scan of a subset of the EFF Observatory data (where `subset' is defined as: I hit Ctrl-C after letting tar run for a while).
Selecting only self-signed certs and sorting by Organization, here are the counts:
<snip> 691 Internet Widgits Pty Ltd 757 NetKlass Techonoloy Inc 825 Apache Friends 882 HTTPS Management Certificate for SonicWALL (self-signed) 952 Cisco-Linksys, LLC 1141 DrayTek Corp. 1933 Xtera Communications, Taiwan 6803 SomeOrganization 10253 Hewlett-Packard Co. 11811 Fortinet Ltd.
(from 52341 total self-signed certs)
"Internet Widgits Pty Ltd" is the OpenSSL default. "Hewlett-Packard Co." are JetDirect printers. "Fortinet Ltd." is some gateway manufacturer.
Tor doesn't have to pick a single type I believe. It could pick between some number of templates at first-run (although Forinet tend to be 2048-bit and HP are 1024-bit). Here are examples of the HP and Fortinet certs:
Fortinet:
-----BEGIN CERTIFICATE----- MIIC4jCCAcqgAwIBAgIEllaMYTANBgkqhkiG9w0BAQUFADAzMRkwFwYDVQQDExBG RzEwMEMzRzA5NjAwMzM3MRYwFAYDVQQKEw1Gb3J0aW5ldCBMdGQuMB4XDTA5MDEy MTIyNTYwM1oXDTE5MDEyMjIyNTYwM1owMzEZMBcGA1UEAxMQRkcxMDBDM0cwOTYw MDMzNzEWMBQGA1UEChMNRm9ydGluZXQgTHRkLjCCASIwDQYJKoZIhvcNAQEBBQAD ggEPADCCAQoCggEBAM4qbL3qGi71AZBUB1mTkhFO03qP7Z7b7dXrT1fhw8QXknlA UtAGWBs5ZPWB39OKpyJoRK4+HG8D4fJ0kuwiTnpP/3WBe+manK5S13wCKgME05aV q5gRgWw/R5/1xyXF9a9YvuR3fJZvODtlR9MKjAa44YGHZguaPEucBKw8BtA7wCYc d8rVh8hNBH67QVSLLCm48lytrnmccjshNxo5eI8x3ESxc0Am7+8vrNkNsttsUMG+ D8knI0rJqf9JCaogtfv1lKzYF0I1EOpTsT+lwyS9g5yPAZ2qGGFeLt3C9aoGiXUS iX7tn3krpVn5/eM7gpG0VpY/4AnlUyvPevHRuqcCAwEAATANBgkqhkiG9w0BAQUF AAOCAQEAGT6/jxUOEWJ1YCliKZtdhY9K1/uz8da9FYrlmhFdPPIwnUh8sgtC4bSP bifq1hQIDPXTcJ6PirYc85EhaH/JiI5inAIUUQTJk8Cu13j+/DtxiiprOVa4iu73 VY2x0qFaxGfK0wOOFnbvqodibUmSKoCxKnowwqcPC8ZpSAojtLibGv1OcIHzoWSA WrmMGFxyilPb4nsuvFDcgjK6OlccI+sy0vLTzkOrRXq+hyCu05NCai99mnD1tWwG TBKXqKYTpQI+kuZ5HyUfzzOV47DyZ71BI3zqCxN0DEMWW4Mu/lw97rNY7iiiuZcC Qp5iGquemw/lF1FaAKRQEXS351SS8w== -----END CERTIFICATE-----
-----BEGIN CERTIFICATE----- MIIC4jCCAcqgAwIBAgIEaAxnSjANBgkqhkiG9w0BAQUFADAzMRkwFwYDVQQDExBG RzMwMEIzOTA5NjAzMDA1MRYwFAYDVQQKEw1Gb3J0aW5ldCBMdGQuMB4XDTEwMDMy NDIxMzYyNFoXDTIwMDMyNDIxMzYyNFowMzEZMBcGA1UEAxMQRkczMDBCMzkwOTYw MzAwNTEWMBQGA1UEChMNRm9ydGluZXQgTHRkLjCCASIwDQYJKoZIhvcNAQEBBQAD ggEPADCCAQoCggEBAKRnRUhLqL6DVQCcyao97X+l+7ntSaoU41ngK3tEIWgmlIdV rQ7kDyxkH0xPt7C/D6FEEfV3PNGs0QBgVa9Hp5jLKtJBKCgYvlFzaR0/tQcw+g+s j5yl6EoXDVtNdcR/Nfe4GaXSf9NKMMTskeHC71STak1l5wdB40Wjxm+YYR9/aQjB mypm7nzq+G+keOOmsOvJFlhFpvHaTwymdqyodeXrSS+t1Day07RfgLhPzvVXdm74 87XF+349foaxfVHdHVvsnM9JmJqwIoZFFvIp3Eo5K5xJllCL+x6yUJp8WdASflq7 qUnu1EQpw7J3Q65fzshr6pp3W5Ii7Vu6ScwOmvECAwEAATANBgkqhkiG9w0BAQUF AAOCAQEAk5tgoqJ0uUCdqn6bvzB/qClkCk+uWLg+SSJnPEAsM4WMfmmcdnuGSObl co4bcPSCNCsT2DYP69lMAuK3BfgFv45tfklOuFDzxvN3zr2S6NE+SG1jgpdQleov J5UQB8qJx0neKlXZBSlTDk/xbWhs9gUaY+DT+tS0aEmTvLha8/da/BzDMIlC1FCc igZu0oQ2nUnZrfKHvt+XimJW/5jJFXRgUN1KYPtJTRGrPm8pqb87aJvnPeEYPmt8 Wmo1pkLY8NPtn7uS8GN/8REQ2Wu0mc22mqGbifHBJgvwRNagPFId8E6D6bhsz7b+ 2YSmWPbgbCO0sll9OK3XAInkn7D0cw== -----END CERTIFICATE-----
HP:
-----BEGIN CERTIFICATE----- MIICYzCCAcygAwIBAgIBAjANBgkqhkiG9w0BAQQFADBmMR4wHAYDVQQDExVIUCBK ZXRkaXJlY3QgMEFFQ0MwNjcxHDAaBgNVBAoTE0hld2xldHQtUGFja2FyZCBDby4x FTATBgNVBAsTDDAwMTEwQUVDQzA2NzEPMA0GA1UECxMGSjc5MzRHMB4XDTA2MDQw MTAwMDAwMFoXDTExMDQwMTAwMDAwMFowZjEeMBwGA1UEAxMVSFAgSmV0ZGlyZWN0 IDBBRUNDMDY3MRwwGgYDVQQKExNIZXdsZXR0LVBhY2thcmQgQ28uMRUwEwYDVQQL EwwwMDExMEFFQ0MwNjcxDzANBgNVBAsTBko3OTM0RzCBnzANBgkqhkiG9w0BAQEF AAOBjQAwgYkCgYEAvEP7Lbw4+vQTXzNFZYlJhwuSXDLir8UapfVFXYWhrqNQw4kO VUFhI5DIhY5AFIQA3oXKqMmIzUQALugkYhCd9Wt+CGrR0uocx0Ea++5K9mnsvJPQ JFzketi/Ow8pEA5X18VhlIflwQ/GhezG/a9IA/DjeLs0lIUy9iaoR6hsZ7MCAwEA AaMhMB8wHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEB BAUAA4GBAANeDCx2M7ToEIf/Pt/EKFtZ+9nLb7byaqXzOv35hFum9ZqhWtBwa/yD +YQU33nakbM0UXsTQ8S3r8ojMNbmQMZMqqXg7M4Vh8bCPem9rWm33oKvBxYeQk9A ZTbWY3M+9TDV1OYim2BCKr6XkTjV8S65vNtpW+r5+znYcCnPCwlt -----END CERTIFICATE-----
-----BEGIN CERTIFICATE----- MIICYzCCAcygAwIBAgIBAjANBgkqhkiG9w0BAQQFADBmMR4wHAYDVQQDExVIUCBK ZXRkaXJlY3QgMzg4RUMyOTgxHDAaBgNVBAoTE0hld2xldHQtUGFja2FyZCBDby4x FTATBgNVBAsTDDAwMTQzODhFQzI5ODEPMA0GA1UECxMGSjc5NDlFMB4XDTA1MTEw MTAwMDAwMFoXDTEwMTEwMTAwMDAwMFowZjEeMBwGA1UEAxMVSFAgSmV0ZGlyZWN0 IDM4OEVDMjk4MRwwGgYDVQQKExNIZXdsZXR0LVBhY2thcmQgQ28uMRUwEwYDVQQL EwwwMDE0Mzg4RUMyOTgxDzANBgNVBAsTBko3OTQ5RTCBnzANBgkqhkiG9w0BAQEF AAOBjQAwgYkCgYEAxwIexEqFIClHQTjSELGOg5K5BvKVGbTYx8SHKL1TE5Wp9OSi geca3Nac4lURC+WEMZUIn8mo+EZ20w/NgsTx6igTSrK8kPQ9sjboKh3sCTHQORbw 2Tv8sNnrOp92IWRVeZl3p+zJ+c1XvKXFPPyL59d6o+SWPkb/2RP9X5SUOwkCAwEA AaMhMB8wHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEB BAUAA4GBAGoaU8ZXqzke+qfb3yYpfY68V0wVTeqiJApLRnQZ/YBfdvpapqr5mfus AoWTWDsqL0yQPAUaD7KngYhIO2FPNWV9Wy8gC8TtX6Zkr3s/4OiBXMBdwxVZ/Rab J2JGtyI2s0zILEXcwtQq1fM86Z4RCAOpz2EuIBbzmxcdLfsqGW0I -----END CERTIFICATE-----