[SSL Observatory] The Trust Tree: An interactive graph of the CA ecosystem
Ralph Holz
holz at net.in.tum.de
Mon Dec 17 12:58:17 PST 2012
Hi,
Agreed. And useful.
E.g.: Click on CyberTrust. I just love who else they have certified:
Bayer, Yandex, Adidas EMEA. Key length 1,024. But don't worry, it's
going to expire in 2017, and it's only been around for 5 years or so. :)
@Bernhard: if you want more people to go love this, can you extract (and
or show) if any these CAs have restrictions, e.g. DNS path names and/or
path lengths?
@Kathleen: I admit I have not followed moz.dev.sec.pol recently - did
CyberTrust cite all these sub-certs of theirs? From the names I assume
they're real sub-CAs, not just intermediates?
Ralph
On 12/17/2012 09:44 PM, Ben Wilson wrote:
> Thanks! This is much easier for me to use.
>
> *From:*Bernhard Amann [mailto:bernhard at ICSI.Berkeley.EDU] *Sent:*
> Monday, December 17, 2012 1:05 PM *To:* ben at digicert.com *Cc:*
> observatory at eff.org *Subject:* Re: [SSL Observatory] The Trust Tree:
> An interactive graph of the CA ecosystem
>
>
>
> Hi,
>
>
>
> sorry that it took a while - but I created a second version now that
> simply
>
> removes all sub-CAs of the DFN. It is available at
>
>
>
> http://notary.icsi.berkeley.edu/trust-tree-no-dfn/
>
>
>
> (I know - something where you could remove it live would be nicer.
> Perhaps
>
> in the future…)
--
Ralph Holz
Network Architectures and Services
Technische Universität München
Phone +49 89 28918043
http://www.net.in.tum.de/de/mitarbeiter/holz/
PGP: A805 D19C E23E 6BBB E0C4 86DC 520E 0C83 69B0 03EF
More information about the Observatory
mailing list