OCSP Server Performance in March 2013
22nd April, 2013
The Online Certificate Status Protocol (OCSP) is an alternative method to Certificate Revocation Lists (CRLs) for obtaining the revocation status of an individual SSL certificate. Fast and reliable OCSP responders are essential for both Certificate Authorities (CAs) and their customers — a slow OCSP response will introduce an additional delay before many browsers can start sending and receiving encrypted traffic over an HTTPS connection.
Starfield Technologies, a Go Daddy brand, had the most reliable OCSP responder last month with only a single failed request and an average connection time of 24ms. Starfield Technologies was founded in 2003 as the technology research branch of Go Daddy. Go Daddy customers have the option to choose which issuing organization to use when buying an SSL certificate. Although both Go Daddy and Starfield appear to share the same OCSP responder infrastructure, ocsp.godaddy.com had five failed requests, however this was still fewer than StartCom, Symantec, and Trend Micro. Both Go Daddy and Starfield issue certificates in all three certificate assurance categories: Domain Validation (DV), Organisation Validation (OV), and Extended Validation (EV). Starfield is most prominent in the EV sector — more than 15% of all EV certificates issued within the group are issued by Starfield — but it remains only a small part of Go Daddy's SSL certificate business: Starfield accounts for just 10% of certificates issued.
StartCom had the shortest average connect time (11ms) of all monitored CAs last month after having moved its OCSP infrastructure at the end of February. StartCom, as well as Entrust, now delivers its OCSP responses via the Akamai CDN (Content Delivery Network), reducing the OCSP connection overhead to a minimum by serving content from as topologically close as possible to the client. GlobalSign is a CloudFlare evangelist, using CloudFlare's CDN platform for its OCSP and CRL infrastructure as well as their own corporate website.
Many of the monitored OCSP responders are served by Citrix Netscaler devices. Citrix Netscaler is a hardware appliance that provides, amongst other features, load balancing and firewall functions. The use of such load balancing technology is no surprise — a single certificate on a popular site that does not use OCSP stapling could generate a significant number of OCSP requests, causing a CA's responder to experience high volumes of traffic.
In many circumstances each connection to an HTTPS site could trigger multiple OCSP requests: a request for the server's certificate and one for each intermediate certificate. OCSP responses are typically valid for a week, so some caching is possible. Caching can reduce both the burden on OCSP responders and increase the perceived performance of HTTPS websites to users, but is limited to repeat visits. OCSP Stapling is designed to improve performance by allowing the web site's server to “staple” the OCSP response to the TLS handshake, removing the need for the client to connect to the CA's OCSP responder.
Netcraft measures and makes available the OCSP and CRL end point response times of all the major Certificate Authorities (CAs). The performance measurements are made at fifteen minute intervals from separate points around the internet, and averages are calculated over the immediately preceding 24 hour period.
Posted by Michael Tremante in Hosting, Performance, Security
Citrix NetScaler Serves More Than Ten Million Sites
3rd February, 2012
Netcraft has been tracking Citrix NetScaler in the Web Server Survey for more than a year. In the latest survey, more than ten million sites were found using Citrix NetScaler.
Citrix bought NetScaler Inc. in 2005 for approximately $300M in cash and stock, acquiring an already maturing network appliance platform. NetScaler provides load balancing, an application firewall, and application acceleration to improve the performance and security of large web applications. NetScaler can run on a variety of dedicated hardware platforms, or it can be run as a server-based virtual appliance. BIG-IP is a competing product from F5 with similar features which reached 10 million sites back in May 2009.
1.71% of all websites found this month were served using the Citrix NetScaler platform; but within the top 100k busiest websites NetScaler's share is much higher at 9.24%. The country distribution of the installed base has a few peculiarities: almost 30% of the websites hosted in Turkey and 20% of the websites hosted in Korea are using NetScaler. In Turkey, the blogcu.com network is using Citrix NetScaler and in Korea more than 50% of the co.cc subdomains were found to be using the platform. Worldwide, Microsoft, eBay, Weather.com, CNET, and MasterCard are among the busiest sites using Citrix NetScaler.
Posted by Robert Duncan in Hosting
Strong Hosting Growth in Ireland due to Amazon EC2 Datacenter
9th December, 2010
Despite its economic woes, Ireland is the country with the largest growth* this year in number of public-facing web servers in Netcraft's hosting provider server count. However, this is mostly due to large growth at Amazon's Elastic Compute Cloud (EC2) service.
Amazon started offering its EC2 service in the EU in December 2008, via a datacenter in Dublin. Since then it has been the fastest-growing hosting company in Ireland. Amazon's cloud hosting now makes up more than a third of all internet-facing web servers in Ireland, with three times more web servers hosted than the next largest hosting location.
Posted by Colin Phipps in Hosting
WikiLeaks ousted by Amazon, moves to Europe
2nd December, 2010
Amazon has finally pulled the plug on WikiLeaks, leaving the whistle-blowing website unavailable until the traffic was redirected to Europe. WikiLeaks first directed the traffic to Sweden, and then included a second server in France. WikiLeaks announced the move on their Twitter stream:
The United States Senate Committee on Homeland Security and Government Affairs subsequently issued a press release announcing that Amazon had severed ties with WikiLeaks. The introduction to this announcement clearly states that Amazon.com decided to terminate its relationship with WikiLeaks, although the government may have spurred this decision by reportedly asking, "Are there plans to take the site down?"
The committee contacted Amazon on Tuesday after reading press reports that the WikiLeaks site was being hosted by Amazon. The site was taken down by Amazon the following morning. This could suggest that the government was able to exert some influence on the decision – WikiLeaks had been using Amazon's EC2 hosting service since October, when the Iraq War Logs were published. The cablegate site also used EC2 from the moment it was launched on Sunday.
Incidentally, two sentences in Committee Chairman Joe Lieberman's statement may have been added as an afterthought, or added by someone else, as it appears in a slightly different colour to the rest of the text in the statement:
The chairman encouraged foreign companies to make the same decision as Amazon, although whether this will happen remains to be seen.
WikiLeaks is now served from two IP addresses in Europe: one is hosted by Bahnhof Internet in Sweden, and the other is at OVH in France. Both www.wikileaks.org and cablegate.wikileaks.org are being served from these IP addresses, and have been showing good response times since the move.
Real-time performance graphs for both sites are available here:
GeoCities Closure sees Surge in Phishing
26th October, 2009
Following its initial announcement on April 23, Yahoo! will today close down its GeoCities free hosting service and delete all GeoCities files from their servers. Existing members are being encouraged to move their sites to the commercial Yahoo! Web Hosting service, and GeoCities Plus customers will be able to upgrade to Yahoo! Web Hosting at no extra charge.
Not all traces of GeoCities will disappear after today — Yahoo! states that existing GeoCities email addresses will continue to work, and the Internet Archive has been working to archive as many sites as possible before GeoCities closes today.
Free hosting services have always been attractive to fraudsters, and the speculation over the profitably of GeoCities may not have been the only reason for today's closure — nearly all of the phishing attacks hosted on geocities.com this month were actually targeted against its owner, Yahoo!. Although Yahoo! stopped accepting new registrations on April 23, the number of phishing attacks hosted at geocities.com has seen a surge in October. Of the 930 confirmed phishing sites hosted at GeoCities in 2009, 143 of these were reported this month.
Today's closure will no doubt inconvenience some fraudsters, but other free hosting services are available, and indeed, plenty of these are already used to host phishing sites.
F5 BIG-IP Hosts 10 Million Sites
29th May, 2009
More than 10 million websites were found running F5 BIG-IP devices, in our most recent Web Server Survey. F5's BIG-IP product family uses the TMOS platform to provide a modular approach to traffic management, and several distinct modules are available for tasks such as load balancing, SSL acceleration and fast caching.
4.26% of all websites and around 3.8% of the top million sites are now served by F5 BIG-IP devices. Facebook, Bank of America and Adobe are among the sites with the largest amount of traffic using F5 BIG-IP.
F5 BIG-IP is particularly prominent in the United Kingdom, where it is used to serve 13.8% of all websites in the country; however, it is only found on 0.42% of the web-facing computers in the UK. This exemplifies a common BIG-IP deployment, where a large number of websites can be hosted by a relatively small number of frontend devices.