Hi, On Dec 14, 2012, at 4:25 AM, Ralph Holz <[email protected]> wrote:
>> Root-CAs are pictured as red nodes, intermediate CAs are green. >> The node diameter scales logarithmically with the number of >> certificates signed by the node. Similarly, the color of the green >> nodes scales proportional to the diameter. > > Hm, I do have a question. Thawte EV has an "outbound" link to "Thawte > Root", similarly TUM has an "outbound" link to DFN. I would understand > "outbound" as indicating the direction of the signature, i.e. DFN -> > TUM. So I would have expected the link between TUM and DFN to be > "inbound" when I click on TUM. But it seems to be consistenly applied, > so I guess that was a conscious choice? Well, we chose to represent the relationships between the certificates the other way round - the child certificates point to their parent CA. However, this is a purely semantical issue - for your point of view we just would have to reverse all links. > […DFN Certificates and how they are granted...] Thank you very much, it is interesting to know the exact way this is done at the Moment. I also think that each Institution (like the TUM) can only issue certificates for a fixed set of domains. Other domains might require manual DFN intervention. But I am not a hundred percent positive about that - I mainly got that impression from some threads on the Mozilla bug tracker where they discussed the DFN. Have a nice day, Bernhard _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
