Sorry hit send too soon :) ...
Yes would be great if it was possible to click on the CA name that shows in the layer that adds the CA names to get more information. It's would also be great if ownership of CAs keys/roots was somehow represented in the visualization, for example: * "AddTrust External Root CA" should be grouped with "UTN-UserFirst-Hardware" as both (as far as I know) are COMODO owned. * "GTE CyberTrust Global Root" is owned by Verizon I also love the other recommendations, some of which that sound great to me include: 1. Basic Constraints Path Length restrictions 2. Use on Name Constraints, aka make it clear that those subCAs are restricted 3. Make it possible to filter (not just search) the graph by the name of the entity that owns the CA (aka GlobalSign, Verizon, Comodo, etc.) to allow excluding some of the larger education networks so the graph is more explore-able. This is something I have had on my to-do list for the last few months and I am thrilled to see that you guys have done this, if I can be of help do not hesitate to ask. Ryan -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Adam Langley Sent: Monday, December 17, 2012 1:04 PM To: Bernhard Amann Cc: [email protected] Subject: Re: [SSL Observatory] The Trust Tree: An interactive graph of the CA ecosystem On Mon, Dec 17, 2012 at 4:00 PM, Bernhard Amann <[email protected]> wrote: > I'll add it to my list. Next version, will take a while. If the actual PEM of the intermediate available? For example, GeoTrust has signed an intermediate which is just called "Intermediate Certificate DV SSL CA" according to the interface, no organisation mentioned in the UI! Cheers AGL
