[SSL Observatory] Tangent - coercibility of different authority structures

Andy Isaacson adi at hexapodia.org
Mon Sep 26 23:59:48 PDT 2011


On Mon, Sep 26, 2011 at 10:04:28AM -0400, Phillip Hallam-Baker wrote:
> Your claim would be so much more credible if you would stick to the facts.
> There are 20-30 CAs, not 100+. If you want to claim that there are more you
> need to prove that there are more.

It would be extremely helpful if you could make a counter-argument to
back up your claim that the 900-ish sub-CAs discovered by the
Observatory are actually controlled by only 30 or so organizations.

I'd certainly rest somewhat more soundly to learn that.

Some of the groupings are very obvious, such as the DFN set.  Others are
probably obvious to people who follow the industry (such as yourself).
Others may be very enlightening to explore the relationships between...

What about Enterprise CAs?  Supposedly some large corporate customers
get their own HSM, on site, containing a sub-CA, and the administrative
systems around the HSM are intended to prevent it from issuing
certificates outside of the authority delegated by the CA vendor.  I've
never seen an example of a certificate issued by such an enterprise CA,
though, so it's pure fable to me currently.  I'd be delighted to hear
any light you can shed on that matter...

-andy


