TLS CA in autonomous systems


Russian and foreign AS hosting HTTPS/TLS nodes


Columns: Russian AS (Number of nodes, %); Foreign AS (Number of nodes, %)
Rows:
Number of unique IPv4 addresses (TLS-nodes of Russian sites)
Number of Russian sites pointing to these IPv4 addresses

TLS CA rating for nodes and names, placed in Russian and foreign AS



Hostnames corresponding to second-level names in the Russian TLDs .RU, .SU and .РФ are mapped to IP addresses using DNS A record queries. For each resulting pair of IP address and hostname, we attempt to establish a TLS connection on 443/tcp (HTTPS) and download the TLS certificates. The certificates received are validated against a built-in list of trusted CA (Certification Authority) certificates (a subset of the well-known NSS/Mozilla list). CA names and subject names in the .RU, .SU and .РФ TLDs are extracted from valid certificates, including names in additional fields (SAN). One server certificate downloaded from an HTTPS node under a particular domain may include many other names (for example, a certificate received from a host under has and names included). IP addresses are mapped to AS numbers, and cumulative statistics are calculated from the data obtained. The rating of CAs by AS counts the IP addresses of nodes that returned certificates of a particular CA, so the same autonomous system can be counted multiple times for different CAs.
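
The aggregation step described above, as an added example (not the survey's own code). The records, CA names, AS numbers and the Russian/foreign flag are constructed sample data using documentation address ranges, and the field layout is an assumption.

```python
from collections import defaultdict

# .РФ is stored in certificates as the A-label xn--p1ai
RU_TLDS = (".ru", ".su", ".xn--p1ai")

# Constructed sample: one record per (IP, hostname) pair whose certificate validated.
# Fields: ip, AS number, AS is Russian (flag assumed to come with the IP-to-AS data),
# issuing CA name, names from the certificate subject and SAN.
SCAN = [
    ("192.0.2.10", 64500, True, "Example CA One",
     ["shop.example.ru", "www.shop.example.ru", "cdn.example.com"]),
    ("192.0.2.10", 64500, True, "Example CA One",   # same node reached via a second hostname
     ["shop.example.ru", "www.shop.example.ru", "cdn.example.com"]),
    ("192.0.2.11", 64500, True, "Example CA Two", ["Пример.РФ"]),
    ("198.51.100.7", 64501, False, "Example CA One", ["mail.example.su", "*.example.su"]),
]


def normalize(name):
    """Lower-case a name and convert IDN labels to their xn-- form."""
    try:
        return name.lower().encode("idna").decode("ascii")
    except UnicodeError:
        return name.lower()


def ca_rating(records):
    """Return {(ca, is_russian_as): {"nodes": n, "names": n, "as": n}}."""
    nodes, names, ases = defaultdict(set), defaultdict(set), defaultdict(set)
    for ip, asn, is_ru_as, ca, cert_names in records:
        key = (ca, is_ru_as)
        nodes[key].add(ip)      # a node is a unique IPv4 address
        ases[key].add(asn)      # an AS is credited to every CA seen on its nodes
        names[key].update(n for n in map(normalize, cert_names)
                          if n.endswith(RU_TLDS))
    return {k: {"nodes": len(nodes[k]), "names": len(names[k]), "as": len(ases[k])}
            for k in nodes}


if __name__ == "__main__":
    for (ca, is_ru_as), row in sorted(ca_rating(SCAN).items()):
        print(ca, "Russian AS" if is_ru_as else "Foreign AS", row)
```

In the sample, AS 64500 hosts nodes with certificates from two CAs, so it appears once in each CA's AS count, and the per-CA AS totals add up to more than the number of distinct autonomous systems.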