Hi, Agreed. And useful.
E.g.: Click on CyberTrust. I just love who else they have certified: Bayer, Yandex, Adidas EMEA. Key length 1,024. But don't worry, it's going to expire in 2017, and it's only been around for 5 years or so. :) @Bernhard: if you want more people to go love this, can you extract (and or show) if any these CAs have restrictions, e.g. DNS path names and/or path lengths? @Kathleen: I admit I have not followed moz.dev.sec.pol recently - did CyberTrust cite all these sub-certs of theirs? From the names I assume they're real sub-CAs, not just intermediates? Ralph On 12/17/2012 09:44 PM, Ben Wilson wrote: > Thanks! This is much easier for me to use. > > *From:*Bernhard Amann [mailto:[email protected]] *Sent:* > Monday, December 17, 2012 1:05 PM *To:* [email protected] *Cc:* > [email protected] *Subject:* Re: [SSL Observatory] The Trust Tree: > An interactive graph of the CA ecosystem > > > > Hi, > > > > sorry that it took a while - but I created a second version now that > simply > > removes all sub-CAs of the DFN. It is available at > > > > http://notary.icsi.berkeley.edu/trust-tree-no-dfn/ > > > > (I know - something where you could remove it live would be nicer. > Perhaps > > in the future…) -- Ralph Holz Network Architectures and Services Technische Universität München Phone +49 89 28918043 http://www.net.in.tum.de/de/mitarbeiter/holz/ PGP: A805 D19C E23E 6BBB E0C4 86DC 520E 0C83 69B0 03EF
