[SSL Observatory] The Trust Tree: An interactive graph of the CA ecosystem

Bernhard Amann bernhard at ICSI.Berkeley.EDU
Mon Dec 17 13:29:40 PST 2012


> Yes, it would be great if it was possible to click on the CA name that shows in the layer that adds the CA names to get more information.

Could you explain that in more detail? I am not entirely sure if I understand it correctly. You want to be able to just click on the name instead of the node?

> It would also be great if ownership of CA keys/roots was somehow represented in the visualization, for example:
> * "AddTrust External Root CA" should be grouped with "UTN-UserFirst-Hardware" as both (as far as I know) are COMODO owned.
> * "GTE CyberTrust Global Root" is owned by Verizon

Yep, you are right about that. I will try to get the information from the Mozilla spreadsheet into the next version.

> I also love the other recommendations, some of which sound great to me, including:
> 1. Basic Constraints Path Length restrictions
> 2. Use of Name Constraints, aka make it clear that those subCAs are restricted
> 3. Make it possible to filter (not just search) the graph by the name of the entity that owns the CA (aka GlobalSign, Verizon, Comodo, etc.) to allow excluding some of the larger education networks so the graph is more explore-able.

1 and 2 are already on my to-do list. 3 generally sounds like a good idea. The "problem" is that at the moment the layout is fixed and not done by the web interface (I had an earlier version where they were laid out directly in JavaScript using a force-based algorithm, but that didn't really look that good). In any case, at the moment just filtering would leave big holes in the graph.

Bernhard


