[cryptography] Interactive graph of the CA ecosystem
bernhard at ICSI.Berkeley.EDU
Fri Dec 14 00:17:53 EST 2012
We just released an interactive graph that shows the relationship
between the root-CAs of the Mozilla root-store and their intermediates
Root-CAs are pictured as red nodes, intermediate CAs are green.
The node diameter scales logarithmically with the number of
certificates signed by the node. Similarly, the color of the green
nodes scales proportional to the diameter.
The data source for this graph is the ICSI SSL notary , which we
previously announced on this mailing list. We have been passively
monitoring the Internet uplinks of a number of (mostly) edu
networks for certificate and SSL information for about 10 months.
Clicking on individual nodes reveals additional information about the
CAs, especially the number of valid child certificates we currently
know for it.
In the graph, the CA that directly signed the largest number of certificates
is the Go Daddy Secure Certification Authority, an intermediate of
GoDaddy. Our current dataset contains over 74,000 certificates
that it signed.
The DFN-Verein CA has signed the largest number of intermediate
CA certificates. As you might know it provides certificates for
many German higher education and research institutions. It creates
a unique sub-CA for each institution for which it issues certificates.
Our data set currently contains more than 200 sub-CAs of it.
The DFN does this for administrative reasons. The control of the
private keys of all sub-CAs remains at the DFN and they check
each certificate request.
If you have any questions or comments about this, please let us
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the cryptography