The other day I was was studying up on my Excel so I could help someone with a project, today I met with a friend where we were discussing the composition of root programs.
Since when you’re a plumber you fix everything with a wrench out came Excel and since sometimes I can’t let a problem sit still I spent far to much time slicing and dicing the Microsoft Root Program membership list.
There is a ton more that can be done, for example:
- Root CA adoption relative to UN membership.
- Root CA certificates based on validity dates.
- Comparing the Microsoft Root Program membership to the Mozilla Root Program membership.
- CAs per network (using AIA:OCSP urls as an indicator)
- CA adoption of CDNs for OCSP and CRLs.
- A look at how many operational facilities are associated with each organization (for example Symantec has 66 root CAs for there various brands are they all in the same facilities?).
Anyways it was a fun exercise and I thought I would share the results with you, here is the XLSX.
For those who do not want to look at the XSLX here are some statistics you may think are interesting:
- 31.30% of the CAs were owned explicitly by governments.
- 64.35% of the CAs were owned by commercial entities in the business of being third-party trust providers.
- Of the 352 certificates they are owned by 115 organizations, 36 government, 74 commercial and 5 enterprise.
- The USA has the most organizations who own CAs coming in at 13.04%.
- Spain is next with 12.17% of the organizations owning CAs being based there..
- France is number three with 5.22% of the organizations owning CAs being based there..
- 17.33% of the roots use 1024bit keys.
- 60.23% of the roots use 2048bit keys.
- 18.47% of the roots use 4096bit keys.
- 1.70% of the roots use ECDSA384 keys.
- 115 of the 206 sovereign nations have CAs within their borders.
Pingback: What’s in a certificate chain and why?
Pingback: CA Security Council | Certificate Chains, Key Management and the Number of CAs Counted by Web Crawlers – Oh My