ietf

Re: Global PKI on DNS?

2002-06-14 12:39:59
Eric:

Thanks for your clarification.

But CAN DO is not DO.  Many SSL-capable servers
are not actually using SSL (looks like a factor of 10:1).

Second, the number 30,000 that I cited was for servers, not web
sites, where you need to factor in the virtual servers (as I
commented). That number comes from 2001 data published by
Certicom and other sources (e.g. -- company leaflet).  True,
NCipher for example reports that Netcraft's SSL survey for
October 2001 counted over 140,000 web sites offering SSL
connections with valid server certificates.  Still, when you
count web sites (not just servers), don't you think that
140,000 certs/year (of which close to 20% have key lengths
shorter than 640 bits) is a very very low number of customers
to divide among all those companies selling server certs?

In short, IMO what is important here is that the PKI server cert
market is a pin head market that does not justify all the bloated
expectations around it. It simply does not size up.

Cheers,

Ed Gerck



Eric Rescorla wrote:

Ed Gerck <egerck(_at_)nma(_dot_)com> writes:
> PS: IMO the PKI market has been grossly exaggerated.  There are only
> 30,000 servers worldwide that can do SSL -- which limits PKI server certs
> to that number worldwide, with a factor for virtual server usage.

These numbers sound quite low. Netcraft's 2001 SSL survey reported
500,000 SSL sites with 121,000 of those having valid third
party certificates.

Heck, Netcraft's April survey shows 41,000 installations of Stronghold
alone, all of which can do SSL.

-Ekr

--
[Eric Rescorla                                   ekr(_at_)rtfm(_dot_)com]
                http://www.rtfm.com/



