6 Months

It’s been 6 months since I wrote you this. 6 months. And in that tiny little amount of time, you have turned into a person. It’s hard for me to guess which things you’ll find interesting later in life if you’re reading this letter, and you’re moving so quickly right now that, by next week, it will all be different.

You’re adorable. Daddies are known to lack objectivity on this point, but I have it on good, impartial authority that you are an absolute delight. You smile when I come home at night, you smile when someone picks you up, you smile almost any time mommy speaks. You have learned how to splash in the bath, you shove basically everything into your mouth, and you’ve become ticklish. You are mere seconds away from learning to crawl – already getting into position but then not quite knowing what to do and faceplanting out of desperation. Sometimes you use the faceplants to drag yourself forward. You’re an odd duck. I love that.

You’re also terrifying. You don’t sit still, you roll directly for the edge of whatever surface we put you on, you bonk into stereo cabinets head first. The other day, in the bath, you managed to dump a cup full of water down your throat before I could stop you, sputtered, and for a second that lasted 3 years, you looked like you weren’t breathing. Don’t do that any more, okay?

You’ve rewritten us. Every time I see a parent with a kid, especially a dad with a daughter, I sort of nod, like we’re part of the same club now. I’ve always liked kids, but now I spot every one of them, everywhere I go, and make sure there’s a parent nearby watching them. I’ve noticed that I’ll often be swaying gently back and forth when I’m standing around, regardless of whether I’m holding you, or some groceries, or nothing at all. I’ve noticed other parents doing it, too.

I’ve taken 1,387 pictures of you since you were born, posted 76 of them publicly, and forced taxi drivers, coffee shop baristas, and every single one of my coworkers to admire them. I think that’ll probably slow down a little, if only because you’ll start to lose patience with me, but it’s hard to resist capturing every moment, especially with the speed you keep growing.

Your mom and I are very fortunate to have a lot of love in our lives. Family, friends, coworkers – there’s a lot of love to go around. But I was not ready, I was not ready for the way you would multiply that. You are a tiny, ticklish, ever-blonder force to be reckoned with, Lily, and I don’t even know how to imagine what the next 6 months will hold.

Love,

Daddy

The SSL Observatory

Oh ho, lookit what the EFF went and did!

“The EFF SSL Observatory is a project to investigate the certificates used to secure all of the sites encrypted with HTTPS on the Web. We have downloaded a dataset of all of the publicly-visible SSL certificates, and will be making that data available to the research community in the near future.”

This is exciting. I knocked together a less ambitious version of this last year, but the EFF guys are doing it like grown-ups, and are getting some interesting data.

Numbers-wise, they’re in the right ballpark, as far as I can tell. Their numbers (1-2m CA-signed certs) coarsely match ones I’ve seen from private sources. I’ve heard from a few CAs that public-crawl estimates tend to err 50-80% low since they miss intranet dark matter, but at least the EFF is tracking other public-crawls. Given that their collection tools and data are going to be made public, that’s a really big deal. Previously, I haven’t been able to get this kind of data without paying for it or collecting it myself. If the database is actively maintained and updated, this will be a great resource for research.

Their analysis of CA certificate usage is also interesting. I’d like to see more work done, here, and in particular I’d like to see how CA usage breaks down between the Mozilla root store and others. We spend considerable effort managing our root store, and recently removed a whole pile of CA certificates that were idle. In some places, the paper seems to make the claim that fully half of trusted CAs are never used, but in other places, the number of active roots they count outnumbers our entire root program. I understand why they blurred the line for the initial analysis, but it would be swell to see it broken out.

As they mention, there are legit reasons for root certs to be idle, particularly for future-proofing. We have several elliptic curve roots, and some large-modulus RSA roots, which are waiting for technology to catch up before they become active issuers while giving CAs a panic switch in the case of an Interesting Mathematical Result — that feels okay to me. On the other hand, if there are certs which are just redundant, it would be great to know, so that we can have that conversation with the relevant CAs, and understand the need to keep the cert active.

This is exactly what I hoped would come of my crawler last year, but they’ve done a much more thorough job. We’ve seen an uptick in research interest in SSL over the last few years. Having a high quality data source to poke when testing a hunch is going to make it easier to spot trends, positive or otherwise. Interesting work, folks; keep it going!