[cryptography] Interactive graph of the CA ecosystem

Antonio Araujo Brett aaraujo at cenditel.gob.ve
Fri Dec 14 09:08:18 EST 2012


Dear Bernhard,
What a superb work.

Best Regards.

Antonio Araujo Brett
CENDITEL
Venezuela


El 14/12/12 00:47, Bernhard Amann escribió:
> Hi All,
>
> We just released an interactive graph that shows the relationship
> between the root-CAs of the Mozilla root-store and their intermediates 
> at http://notary.icsi.berkeley.edu/trust-tree/. 
>
> Root-CAs are pictured as red nodes, intermediate CAs are green. 
> The node diameter scales logarithmically with the number of 
> certificates signed by the node. Similarly, the color of the green 
> nodes scales proportional to the diameter.
>
> The data source for this graph is the ICSI SSL notary [1], which we 
> previously announced on this mailing list. We have been passively 
> monitoring the Internet uplinks of a number of (mostly) edu
> networks for certificate and SSL information for about 10 months.
>
> Clicking on individual nodes reveals additional information about the 
> CAs, especially the number of valid child certificates we currently 
> know for it.
>
> In the graph, the CA that directly signed the largest number of
> certificates
> is the Go Daddy Secure Certification Authority, an intermediate of 
> GoDaddy. Our current dataset contains over 74,000 certificates 
> that it signed.
>
> The DFN-Verein CA has signed the largest number of intermediate 
> CA certificates. As you might know it provides certificates for 
> many German higher education and research institutions. It creates 
> a unique sub-CA for each institution for which it issues certificates.
> Our data set currently contains more than 200 sub-CAs of it.
> The DFN does this for administrative reasons. The control of the
> private keys of all sub-CAs remains at the DFN and they check
> each certificate request.
>
> If you have any questions or comments about this, please let us
> know.
>
> Bernhard
>
> [1]: http://notary.icsi.berkeley.edu/
> <http://notary.icsi.berkeley.edu/trust-tree/>
>
>
> _______________________________________________
> cryptography mailing list
> cryptography at randombit.net
> http://lists.randombit.net/mailman/listinfo/cryptography
>   

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20121214/eb39e1a1/attachment.html>


More information about the cryptography mailing list