[cryptography] Interactive graph of the CA ecosystem

Bernhard Amann bernhard at ICSI.Berkeley.EDU
Fri Dec 14 11:10:50 EST 2012


On Dec 14, 2012, at 4:25 AM, Ralph Holz <holz at net.in.tum.de> wrote:

>> Root-CAs are pictured as red nodes, intermediate CAs are green. 
>> The node diameter scales logarithmically with the number of 
>> certificates signed by the node. Similarly, the color of the green 
>> nodes scales proportional to the diameter.
> Hm, I do have a question. Thawte EV has an "outbound" link to "Thawte
> Root", similarly TUM has an "outbound" link to DFN. I would understand
> "outbound" as indicating the direction of the signature, i.e. DFN ->
> TUM. So I would have expected the link between TUM and DFN to be
> "inbound" when I click on TUM. But it seems to be consistenly applied,
> so I guess that was a conscious choice?

Well, we chose to represent the relationships between the certificates
the other way round - the child certificates point to their parent CA. However,
this is a purely semantical issue - for your point of view we just would
have to reverse all links.

> […DFN Certificates and how they are granted...]

Thank you very much, it is interesting to know the exact way this is done
at the Moment. I also think that each Institution (like the TUM) can only
issue certificates for a fixed set of domains. Other domains might require
manual DFN intervention.

But I am not a hundred percent positive about that - I mainly got that impression
from some threads on the Mozilla bug tracker where they discussed the DFN.

Have a nice day,

More information about the cryptography mailing list