
For each site in the survey, there is a page containing the details returned and decrypted from the site in response to our request.
Below is an annotated example response. The text of the original page is reproduced, with commentary added in italics.
Current Information (Get latest information using Netcraft's online query form)
Visit Site (Go to the site itself, using https)
The information in this section is taken from the "Subject" field of the certificate. This is all that identifies the certificate's owner.
Production (Organisational Unit, ie division or department)
VeriSign, Inc. (Organisation)
Mountain View (Location)
US (Country as a two letter ISO code)
Common name: www.verisign.com
The common name is expected to match the site name in the URL.
The Common Name may contain patterns with alternates and wildcards, so a single certificate may sometimes be legitimately used for a set of related sites.
The details in this section are not part of the certificate itself. The server signature is normally returned with any HTTP response.
Netscape-Enterprise/3.5.1
The details of the ciphers supported by the server are obtained from the negotiation performed by the SSL protocol. We offered a complete set of ciphers, and recorded the ones shared with the server.
Supported SSL ciphers:
Other possibilities for the cipher are IDEA and AES. SSL permits two forms of RC2 and RC4: a 128-bit key version, and a version restricted to 40-bit keys to comply with past US export regulations. Triple DES, RC2, RC4 and IDEA can all use keys of 128 bits or more, and are currently immune to exhaustive search of the possible keys to crack a message. DES, with a 56-bit key, and the 40-bit versions of RC2 and RC4, are amenable to direct searching, and this could be achieved by a moderately large organisation with sufficient motivation. Other methods of attacking ciphers depend on the details of the algorithm, and Triple DES is seen as a safe, conservative choice, since the DES algorithm has received in excess of twenty years of intense scrutiny.
The validity period is an important part of the details contained within a certificate. By limiting the validity to a short period, the issuer reduces the likelihood of the data on which the certificate is based becoming obsolete, or a key contained in it becoming compromised. Certificates also contain a unique serial number.
Valid from: Jul 13 00:00:00 1999 GMT
Valid to: Jul 14 23:59:59 2000 GMT
Serial number: 0x2da6a8672bb7d42f8c461a1b81b1f7c7
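The commentary above on the Common Name, the cipher key lengths and the validity period can be turned into checks over one survey record. The following is an added example, not part of Netcraft's page or survey code; the record layout, the cipher labels, the sample cipher list and the rule that `*` stays within one DNS label are assumptions of this example.

```python
import re
from datetime import datetime, timezone

# Key sizes in bits for ciphers the page names. The labels are constructed for
# this example; they are not the survey's own output format.
KEY_BITS = {"3DES": 168, "IDEA": 128, "RC4-128": 128, "RC2-128": 128,
            "DES": 56, "RC4-40": 40, "RC2-40": 40}

def cn_matches(pattern, host):
    """Match a site name against a Common Name with '*' and '(a|b)' patterns.
    Assumption: '*' stays within one DNS label."""
    parts = []
    for ch in pattern.lower():
        if ch == "*":
            parts.append("[^.]+")
        elif ch in "(|)":
            parts.append(ch)
        else:
            parts.append(re.escape(ch))
    try:
        return re.fullmatch("".join(parts), host.lower()) is not None
    except re.error:          # malformed pattern, e.g. unbalanced parenthesis
        return False

def parse_time(text):
    """Parse the survey's 'Jul 13 00:00:00 1999 GMT' timestamps as UTC."""
    return datetime.strptime(text, "%b %d %H:%M:%S %Y GMT").replace(tzinfo=timezone.utc)

def review(record, host, when):
    """Return findings for one survey record at time `when`."""
    findings = []
    if not cn_matches(record["common_name"], host):
        findings.append("common name does not match site name")
    if not parse_time(record["valid_from"]) <= when <= parse_time(record["valid_to"]):
        findings.append("outside validity period")
    # 56-bit DES and the 40-bit export ciphers are the ones open to key search.
    # An unlisted cipher label raises KeyError rather than passing silently.
    for name in sorted(c for c in record["ciphers"] if KEY_BITS[c] <= 56):
        findings.append(f"{name}: {KEY_BITS[name]}-bit key open to exhaustive search")
    return findings

# Certificate fields from the page; the cipher list is constructed sample input.
SAMPLE = {"common_name": "www.verisign.com",
          "valid_from": "Jul 13 00:00:00 1999 GMT",
          "valid_to": "Jul 14 23:59:59 2000 GMT",
          "ciphers": ["RC4-128", "3DES", "DES", "RC4-40"]}

if __name__ == "__main__":
    for line in review(SAMPLE, "www.verisign.com", datetime(2000, 1, 1, tzinfo=timezone.utc)):
        print(line)
```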
The information in this section is all taken from the "Issuer" field of the certificate. It identifies the organisation which issued the certificate, and therefore which public key should be used to check the signature on it.
This certificate has the interesting feature that it was in effect self-signed (VeriSign is itself a certificate authority and signs its certificates as RSA Data Security Inc.).
Secure Server Certification Authority (Organisational Unit, ie division or department)
RSA Data Security, Inc. (Organisation)
US (Country as a two letter ISO code)
Copyright © Netcraft 1996-2006