[SSL Observatory] The Trust Tree: An interactive graph of the CA ecosystem
Bernhard Amann
bernhard at ICSI.Berkeley.EDU
Tue Dec 18 19:37:22 PST 2012
On Dec 18, 2012, at 4:22 PM, Peter Eckersley <pde at eff.org> wrote:
> On Mon, Dec 17, 2012 at 01:00:24PM -0800, Bernhard Amann wrote:
>>
>>> @Bernhard: if you want more people to go love this, can you extract (and
>>> or show) if any these CAs have restrictions, e.g. DNS path names and/or
>>> path lengths?
>>
>> None of the CAs have DNS path restrictions (if I got my parser code right).
>> Path lengths… there is an idea :).
>>
>> I'll add it to my list. Next version, will take a while.
>
> Here is a slightly old answer to this question from the 2011 centralized
> observatory, since I happen to have that handy on this machine. Note that
> these may miss some really old root CAs that lack a Basic Constraints:CA
> field. Valid certs grouped by CA/not CA:
Slightly unrelated question - is the 2011 data available for download somewhere?
It would be kind of interesting to check how big the overlap between the data
in the notary and the active scan data is…
Bernhard
More information about the Observatory
mailing list