[SSL Observatory] The Trust Tree: An interactive graph of the CA ecosystem

Ryan Hurst ryan.hurst at globalsign.com
Mon Dec 17 13:14:28 PST 2012


Sorry hit send too soon :)

...

Yes would be great if it was possible to click on the CA name that shows in the layer that adds the CA names to get more information.

It's would also be great if ownership of CAs keys/roots was somehow represented in the visualization, for example:
* "AddTrust External Root CA" should be grouped with "UTN-UserFirst-Hardware" as both (as far as I know) are COMODO owned.
* "GTE CyberTrust Global Root" is owned by Verizon

I also love the other recommendations, some of which that sound great to me include:
1. Basic Constraints Path Length restrictions
2. Use on Name Constraints, aka make it clear that those subCAs are restricted
3. Make it possible to filter (not just search) the graph by the name of the entity that owns the CA (aka GlobalSign, Verizon, Comodo, etc.) to allow excluding some of the larger education networks so the graph is more explore-able.

This is something I have had on my to-do list for the last few months and I am thrilled to see that you guys have done this, if I can be of help do not hesitate to ask.

Ryan

-----Original Message-----
From: observatory-bounces at eff.org [mailto:observatory-bounces at eff.org] On Behalf Of Adam Langley
Sent: Monday, December 17, 2012 1:04 PM
To: Bernhard Amann
Cc: observatory at eff.org
Subject: Re: [SSL Observatory] The Trust Tree: An interactive graph of the CA ecosystem

On Mon, Dec 17, 2012 at 4:00 PM, Bernhard Amann <bernhard at icsi.berkeley.edu> wrote:
> I'll add it to my list. Next version, will take a while.

If the actual PEM of the intermediate available?

For example, GeoTrust has signed an intermediate which is just called "Intermediate Certificate DV SSL CA" according to the interface, no organisation mentioned in the UI!


Cheers

AGL






More information about the Observatory mailing list