[SSL Observatory] The Trust Tree: An interactive graph of the CA ecosystem

Ryan Hurst ryan.hurst at globalsign.com
Mon Dec 17 13:42:28 PST 2012


Unfortunately I won't be able to attend due to other commitments but I would be able to participate via Skype or Jabber if that was possible.

Ryan Hurst
Chief Technology Officer
GMO Globalsign

twitter: @rmhrisk
email: ryan.hurst at globalsign.com


Sent from my phone, please forgive the brevity.

On Dec 17, 2012, at 1:18 PM, Ralph Holz <holz at net.in.tum.de> wrote:

> I second Ryan's suggestions.
> 
> Are any of the interested parties at 29C3? I'd love to have a chat.
> 
> Ralph
> 
> On 12/17/2012 10:14 PM, Ryan Hurst wrote:
>> Sorry hit send too soon :)
>> 
>> ...
>> 
>> Yes would be great if it was possible to click on the CA name that
>> shows in the layer that adds the CA names to get more information.
>> 
>> It would also be great if ownership of CAs' keys/roots was somehow
>> represented in the visualization, for example:
>> * "AddTrust External Root CA" should be grouped with
>>   "UTN-UserFirst-Hardware" as both (as far as I know) are COMODO owned.
>> * "GTE CyberTrust Global Root" is owned by Verizon
>> 
>> I also love the other recommendations; some that sound great to me
>> include:
>> 1. Basic Constraints Path Length restrictions
>> 2. Use of Name Constraints, aka make it clear that those subCAs are
>>    restricted
>> 3. Make it possible to filter (not just search) the graph by the name
>>    of the entity that owns the CA (aka GlobalSign, Verizon, Comodo,
>>    etc.) to allow excluding some of the larger education networks so
>>    the graph is more explore-able.
>> 
>> This is something I have had on my to-do list for the last few months
>> and I am thrilled to see that you guys have done this, if I can be of
>> help do not hesitate to ask.
>> 
>> Ryan
>> 
>> -----Original Message-----
>> From: observatory-bounces at eff.org [mailto:observatory-bounces at eff.org] On Behalf Of Adam Langley
>> Sent: Monday, December 17, 2012 1:04 PM
>> To: Bernhard Amann
>> Cc: observatory at eff.org
>> Subject: Re: [SSL Observatory] The Trust Tree: An interactive graph of the CA ecosystem
>> 
>> On Mon, Dec 17, 2012 at 4:00 PM, Bernhard Amann
>> <bernhard at icsi.berkeley.edu> wrote:
>>> I'll add it to my list. Next version, will take a while.
>> 
>> Is the actual PEM of the intermediate available?
>> 
>> For example, GeoTrust has signed an intermediate which is just called
>> "Intermediate Certificate DV SSL CA" according to the interface, no
>> organisation mentioned in the UI!
>> 
>> 
>> Cheers
>> 
>> AGL
> 
> 
> -- 
> Ralph Holz
> Network Architectures and Services
> Technische Universität München
> Phone +49 89 28918043
> http://www.net.in.tum.de/de/mitarbeiter/holz/
> PGP: A805 D19C E23E 6BBB E0C4  86DC 520E 0C83 69B0 03EF
> 



