[SSL Observatory] The Trust Tree: An interactive graph of the CA ecosystem

Ralph Holz holz at net.in.tum.de
Mon Dec 17 13:18:30 PST 2012


I second Ryan's suggestions.

Are any of the interested parties at 29C3? I'd love to have a chat.

Ralph

On 12/17/2012 10:14 PM, Ryan Hurst wrote:
> Sorry hit send too soon :)
> 
> ...
> 
> Yes, it would be great if it was possible to click on the CA name that
> shows in the layer that adds the CA names to get more information.
> 
> It would also be great if ownership of CA keys/roots was somehow
> represented in the visualization, for example:
> * "AddTrust External Root CA" should be grouped with
>   "UTN-UserFirst-Hardware" as both (as far as I know) are COMODO owned.
> * "GTE CyberTrust Global Root" is owned by Verizon
> 
> I also love the other recommendations; some that sound great to me
> include:
> 1. Basic Constraints Path Length restrictions
> 2. Use of Name Constraints, aka make it clear that those subCAs are
>    restricted
> 3. Make it possible to filter (not just search) the graph by the name
>    of the entity that owns the CA (aka GlobalSign, Verizon, Comodo,
>    etc.) to allow excluding some of the larger education networks so
>    the graph is more explore-able.
> 
> This is something I have had on my to-do list for the last few months
> and I am thrilled to see that you guys have done this. If I can be of
> help, do not hesitate to ask.
> 
> Ryan
> 
> -----Original Message-----
> From: observatory-bounces at eff.org [mailto:observatory-bounces at eff.org] On Behalf Of Adam Langley
> Sent: Monday, December 17, 2012 1:04 PM
> To: Bernhard Amann
> Cc: observatory at eff.org
> Subject: Re: [SSL Observatory] The Trust Tree: An interactive graph of the CA ecosystem
> 
> On Mon, Dec 17, 2012 at 4:00 PM, Bernhard Amann
> <bernhard at icsi.berkeley.edu> wrote:
>> I'll add it to my list. Next version, will take a while.
> 
> Is the actual PEM of the intermediate available?
> 
> For example, GeoTrust has signed an intermediate which is just called
> "Intermediate Certificate DV SSL CA" according to the interface, no
> organisation mentioned in the UI!
> 
> 
> Cheers
> 
> AGL
> 
> 
> 


-- 
Ralph Holz
Network Architectures and Services
Technische Universität München
Phone +49 89 28918043
http://www.net.in.tum.de/de/mitarbeiter/holz/
PGP: A805 D19C E23E 6BBB E0C4  86DC 520E 0C83 69B0 03EF



