{"id":320,"date":"2013-03-22T00:42:37","date_gmt":"2013-03-22T08:42:37","guid":{"rendered":"http:\/\/unmitigatedrisk.com\/?p=320"},"modified":"2013-03-31T08:38:32","modified_gmt":"2013-03-31T16:38:32","slug":"microsoft-root-program-and-excel","status":"publish","type":"post","link":"https:\/\/unmitigatedrisk.com\/?p=320","title":{"rendered":"Microsoft Root Program and Excel"},"content":{"rendered":"<p>The other day I was studying up on my Excel so I could help someone with a project; today I met with a friend where we were discussing the composition of root programs.<\/p>\n<p>Since when you\u2019re a plumber you fix everything with a wrench, out came Excel, and since sometimes I can\u2019t let a problem sit still I spent far too much time slicing and dicing the <a href=\"http:\/\/social.technet.microsoft.com\/wiki\/contents\/articles\/14215.windows-and-windows-phone-8-ssl-root-certificate-program-member-cas.aspx\">Microsoft Root Program membership<\/a> list.<\/p>\n<p>There is a ton more that can be done, for example:<\/p>\n<ol>\n<li>Root CA adoption relative to UN membership.<\/li>\n<li>Root CA certificates based on validity dates.<\/li>\n<li>Comparing the Microsoft Root Program membership to the Mozilla Root Program membership.<\/li>\n<li>CAs per network (using AIA:OCSP URLs as an indicator).<\/li>\n<li>CA adoption of CDNs for OCSP and CRLs.<\/li>\n<li>A look at how many operational facilities are associated with each organization (for example, Symantec has 66 root CAs for their various brands; are they all in the same facilities?).<\/li>\n<\/ol>\n<p>Anyways, it was a fun exercise and I thought I would share the results with you; here is the <a href=\"http:\/\/unmitigatedrisk.com\/wp-content\/uploads\/2013\/03\/A-look-at-the-Microsoft-Root-Program-Membership-as-of-3-21-13.xlsx\">XLSX<\/a>.<\/p>\n<p>For those who do not want to look at the XLSX, here are some statistics you may think are interesting:<\/p>\n<ol>\n<li>31.30% of the CAs were owned 
explicitly by governments.<\/li>\n<li>64.35% of the CAs were owned by commercial entities in the business of being third-party trust providers.<\/li>\n<li>The 352 certificates are owned by 115 organizations: 36 government, 74 commercial and 5 enterprise.<\/li>\n<li>The USA has the most organizations that own CAs, coming in at 13.04%.<\/li>\n<li>Spain is next, with 12.17% of the organizations owning CAs being based there.<\/li>\n<li>France is number three, with 5.22% of the organizations owning CAs being based there.<\/li>\n<li>17.33% of the roots use 1024-bit keys.<\/li>\n<li>60.23% of the roots use 2048-bit keys.<\/li>\n<li>18.47% of the roots use 4096-bit keys.<\/li>\n<li>1.70% of the roots use ECDSA384 keys.<\/li>\n<li>115 of the 206 sovereign nations have CAs within their borders.<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>The other day I was studying up on my Excel so I could help someone with a project; today I met with a friend where we were discussing the composition of root programs. 
Since when you\u2019re a plumber you fix everything with a wrench out came Excel and since sometimes I can\u2019t let a [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[3,4],"tags":[81],"class_list":["post-320","post","type-post","status-publish","format-standard","hentry","category-security","category-thoughts","tag-root-program"],"_links":{"self":[{"href":"https:\/\/unmitigatedrisk.com\/index.php?rest_route=\/wp\/v2\/posts\/320","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/unmitigatedrisk.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/unmitigatedrisk.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/unmitigatedrisk.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/unmitigatedrisk.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=320"}],"version-history":[{"count":0,"href":"https:\/\/unmitigatedrisk.com\/index.php?rest_route=\/wp\/v2\/posts\/320\/revisions"}],"wp:attachment":[{"href":"https:\/\/unmitigatedrisk.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=320"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/unmitigatedrisk.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=320"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/unmitigatedrisk.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=320"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}