{"$schema":"https://webpki.systematicreasoning.com/schema.json","version":"1.0.0","generatedAt":"2026-05-10T08:25:40.000233+00:00","snapshotUrl":"https://webpki.systematicreasoning.com/llm_snapshot.json","slices":{"index":"https://webpki.systematicreasoning.com/llm_snapshot_index.json","governance":"https://webpki.systematicreasoning.com/llm_snapshot_governance.json","distrust":"https://webpki.systematicreasoning.com/llm_snapshot_distrust.json","market":"https://webpki.systematicreasoning.com/llm_snapshot_market.json","risk":"https://webpki.systematicreasoning.com/llm_snapshot_risk.json"},"sliceGuide":"This snapshot is ~50k tokens. For targeted analysis fetch a slice: governance (CA/Browser Forum oversight, compliance, BR readiness, audit letter quality), distrust (16 distrust events 2011-2024 + incidents), market (CA market share, trust surface), risk (geographic, government, jurisdiction, full 317-root crypto data). Each slice is self-contained with generatedAt and snapshotUrl.","dataSources":{"crtSh":"Certificate Transparency logs via crt.sh \u2014 unexpired and all-time precertificate counts per CA owner. Updated daily.","ccadb":"Common CA Database (AllCertificateRecordsCSVFormatv4) \u2014 root/intermediate metadata, trust store inclusion, CA owner details. Updated daily.","bugzilla":"Mozilla Bugzilla CA Certificate Compliance \u2014 incident reports, root program comments, CA responses. 2014-present. Updated daily.","statcounter":"StatCounter global browser market share \u2014 mapped to root programs for web coverage estimates. Updated daily.","cabforum":"CA/Browser Forum ballot records \u2014 proposers, endorsers, vote results across Server Certificate, Code Signing, S/MIME, and Network Security working groups.","keylength":"keylength.com \u2014 cryptographic key size recommendations from NIST, ECRYPT-CSA, BSI, ANSSI, and NSA CNSA.","cabforumMembers":"CA/B Forum membership roster \u2014 CA members, browser members, interested parties. Used for ecosystem participation baseline.","chromeRootStore":"Chrome Root Store git commit history \u2014 root additions and removals with timestamps.","tabIntros":"Analyst summaries generated daily by Claude Sonnet from the prior day's data digest. Each intro states the key finding for that tab with specific numbers and connects related tabs.","regulatorySurface":"Normative obligation counts across all CA compliance documents \u2014 CA/Browser Forum BRs (PDF archive 2012-2021 + GitHub tags 2021-present), root program policies, IETF RFCs (operative versions), NIS2 Directive (EUR-Lex), NIST SP 800-53 Rev 5 (OSCAL). Four convention-aware parsers: RFC2119_INLINE, SHALL_LETTERED_LIST, EU_LEGAL, NIST_OSCAL. Ballot timeline from document revision history tables."},"browserCoverage":{"chrome":0.7823,"apple":0.1639,"mozilla":0.0229,"microsoft":0.0},"market":[{"rank":1,"id":"internet-security-research-group","caSlug":"internet-security-research-group","caOwner":"Internet Security Research Group","certs":519141654,"allTimeCerts":8938894729,"share":40.7986,"turnover":17.2,"usageDays":21,"trustedBy":{"mozilla":true,"microsoft":true,"chrome":true,"apple":true},"storeCount":4,"country":"United States","rootCount":4,"intermediateCount":13,"webCoverage":96.9,"tls":true,"ev":false,"smime":false,"codeSigning":false,"ppm":0.004,"selfReportPct":49,"incidentCount":39,"matched":true,"inferred":false,"parent":"","note":"All-time volume may be undercounted due to historical cross-signs (now expired) under: IdenTrust Services, LLC.","issuanceCaveat":"historical_cross_sign","crtshUrl":"https://crt.sh/?CAName=Internet%20Security%20Research%20Group"},{"rank":2,"id":"google-trust-services-llc","caSlug":"google-trust-services-llc","caOwner":"Google Trust Services LLC","certs":200599699,"allTimeCerts":1826062625,"share":15.7648,"turnover":9.1,"usageDays":40,"trustedBy":{"mozilla":true,"microsoft":true,"chrome":true,"apple":true},"storeCount":4,"country":"United States","rootCount":12,"intermediateCount":12,"webCoverage":96.9,"tls":true,"ev":false,"smime":true,"codeSigning":false,"ppm":0.021,"selfReportPct":21,"incidentCount":39,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=Google%20Trust%20Services%20LLC"},{"rank":3,"id":"digicert","caSlug":"digicert","caOwner":"DigiCert","certs":172596251,"allTimeCerts":1139299042,"share":13.5641,"turnover":6.6,"usageDays":55,"trustedBy":{"mozilla":true,"microsoft":true,"chrome":true,"apple":true},"storeCount":4,"country":"United States","rootCount":110,"intermediateCount":565,"webCoverage":96.9,"tls":true,"ev":true,"smime":true,"codeSigning":true,"ppm":0.152,"selfReportPct":47,"incidentCount":173,"matched":true,"inferred":false,"parent":"","note":"All-time volume may be undercounted due to historical cross-signs (now expired) under: Sectigo.","issuanceCaveat":"historical_cross_sign","crtshUrl":"https://crt.sh/?CAName=DigiCert"},{"rank":4,"id":"godaddy","caSlug":"godaddy","caOwner":"GoDaddy","certs":158950364,"allTimeCerts":434396988,"share":12.4917,"turnover":2.7,"usageDays":134,"trustedBy":{"mozilla":true,"microsoft":true,"chrome":true,"apple":true},"storeCount":4,"country":"United States","rootCount":13,"intermediateCount":15,"webCoverage":96.9,"tls":true,"ev":true,"smime":true,"codeSigning":false,"ppm":0.108,"selfReportPct":57,"incidentCount":47,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=GoDaddy"},{"rank":5,"id":"sectigo","caSlug":"sectigo","caOwner":"Sectigo","certs":139965246,"allTimeCerts":1280406616,"share":10.9997,"turnover":9.1,"usageDays":40,"trustedBy":{"mozilla":true,"microsoft":true,"chrome":true,"apple":true},"storeCount":4,"country":"United Kingdom","rootCount":37,"intermediateCount":907,"webCoverage":96.9,"tls":true,"ev":true,"smime":true,"codeSigning":true,"ppm":0.086,"selfReportPct":62,"incidentCount":110,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=Sectigo"},{"rank":6,"id":"microsoft-corporation","caSlug":"microsoft-corporation","caOwner":"Microsoft Corporation","certs":58049379,"allTimeCerts":327719207,"share":4.562,"turnover":5.6,"usageDays":65,"trustedBy":{"mozilla":true,"microsoft":true,"chrome":true,"apple":true},"storeCount":4,"country":"United States","rootCount":15,"intermediateCount":22,"webCoverage":96.9,"tls":true,"ev":true,"smime":false,"codeSigning":true,"ppm":0.156,"selfReportPct":49,"incidentCount":51,"matched":true,"inferred":false,"parent":"","note":"Volume may be undercounted. Cross-signed roots mean some certificates issued under Microsoft Corporation may be attributed to: DigiCert.","issuanceCaveat":"undercounted_cross_sign","crtshUrl":"https://crt.sh/?CAName=Microsoft%20Corporation"},{"rank":7,"id":"identrust-services-llc","caSlug":"identrust-services-llc","caOwner":"IdenTrust Services, LLC","certs":14060712,"allTimeCerts":39287456,"share":1.105,"turnover":2.8,"usageDays":131,"trustedBy":{"mozilla":true,"microsoft":true,"chrome":true,"apple":true},"storeCount":4,"country":"United States","rootCount":29,"intermediateCount":16,"webCoverage":96.9,"tls":true,"ev":true,"smime":true,"codeSigning":true,"ppm":1.909,"selfReportPct":81,"incidentCount":75,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=IdenTrust%20Services%2C%20LLC"},{"rank":8,"id":"ssl-com","caSlug":"ssl-com","caOwner":"SSL.com","certs":2899455,"allTimeCerts":95394266,"share":0.2279,"turnover":32.9,"usageDays":11,"trustedBy":{"mozilla":true,"microsoft":true,"chrome":true,"apple":true},"storeCount":4,"country":"United States","rootCount":23,"intermediateCount":78,"webCoverage":96.9,"tls":true,"ev":true,"smime":true,"codeSigning":true,"ppm":0.325,"selfReportPct":55,"incidentCount":31,"matched":true,"inferred":false,"parent":"","note":"Volume may be undercounted. Cross-signed roots mean some certificates issued under SSL.com may be attributed to: Sectigo.","issuanceCaveat":"undercounted_cross_sign","crtshUrl":"https://crt.sh/?CAName=SSL.com"},{"rank":9,"id":"globalsign-nv-sa","caSlug":"globalsign-nv-sa","caOwner":"GlobalSign nv-sa","certs":1553047,"allTimeCerts":50974145,"share":0.1221,"turnover":32.8,"usageDays":11,"trustedBy":{"mozilla":true,"microsoft":true,"chrome":true,"apple":true},"storeCount":4,"country":"Belgium","rootCount":16,"intermediateCount":272,"webCoverage":96.9,"tls":true,"ev":true,"smime":true,"codeSigning":true,"ppm":1.099,"selfReportPct":61,"incidentCount":56,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=GlobalSign%20nv-sa"},{"rank":10,"id":"actalis","caSlug":"actalis","caOwner":"Actalis","certs":1418856,"allTimeCerts":6588411,"share":0.1115,"turnover":4.6,"usageDays":79,"trustedBy":{"mozilla":true,"microsoft":true,"chrome":true,"apple":true},"storeCount":4,"country":"Italy","rootCount":10,"intermediateCount":11,"webCoverage":96.9,"tls":true,"ev":true,"smime":true,"codeSigning":true,"ppm":3.491,"selfReportPct":61,"incidentCount":23,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=Actalis"},{"rank":11,"id":"asseco-data-systems-s-a","caSlug":"asseco-data-systems-s-a","caOwner":"Asseco Data Systems S.A.","certs":670655,"allTimeCerts":5979897,"share":0.0527,"turnover":8.9,"usageDays":41,"trustedBy":{"mozilla":true,"microsoft":true,"chrome":true,"apple":true},"storeCount":4,"country":"Poland","rootCount":14,"intermediateCount":88,"webCoverage":96.9,"tls":true,"ev":true,"smime":true,"codeSigning":true,"ppm":7.86,"selfReportPct":53,"incidentCount":47,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=Asseco%20Data%20Systems%20S.A."},{"rank":12,"id":"harica","caSlug":"harica","caOwner":"HARICA","certs":595684,"allTimeCerts":654827,"share":0.0468,"turnover":1.1,"usageDays":332,"trustedBy":{"mozilla":true,"microsoft":true,"chrome":true,"apple":true},"storeCount":4,"country":"Greece","rootCount":9,"intermediateCount":93,"webCoverage":96.9,"tls":true,"ev":true,"smime":true,"codeSigning":true,"ppm":25.961,"selfReportPct":59,"incidentCount":17,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=HARICA"},{"rank":13,"id":"trustasia-technologies-inc","caSlug":"trustasia-technologies-inc","caOwner":"TrustAsia Technologies, Inc.","certs":504231,"allTimeCerts":678756,"share":0.0396,"turnover":1.3,"usageDays":271,"trustedBy":{"mozilla":true,"microsoft":false,"chrome":true,"apple":false},"storeCount":2,"country":"China","rootCount":12,"intermediateCount":46,"webCoverage":80.5,"tls":true,"ev":true,"smime":true,"codeSigning":false,"ppm":4.42,"selfReportPct":100,"incidentCount":3,"matched":true,"inferred":false,"parent":"","note":"Volume may be undercounted. Cross-signed roots mean some certificates issued under TrustAsia Technologies, Inc. may be attributed to: Asseco Data Systems S.A..","issuanceCaveat":"undercounted_cross_sign","crtshUrl":"https://crt.sh/?CAName=TrustAsia%20Technologies%2C%20Inc."},{"rank":14,"id":"certainly-llc","caSlug":"certainly-llc","caOwner":"Certainly LLC","certs":498632,"allTimeCerts":13383089,"share":0.0392,"turnover":26.8,"usageDays":14,"trustedBy":{"mozilla":true,"microsoft":false,"chrome":true,"apple":true},"storeCount":3,"country":"United States","rootCount":2,"intermediateCount":2,"webCoverage":96.9,"tls":true,"ev":false,"smime":false,"codeSigning":false,"ppm":0.672,"selfReportPct":22,"incidentCount":9,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=Certainly%20LLC"},{"rank":15,"id":"amazon-trust-services","caSlug":"amazon-trust-services","caOwner":"Amazon Trust Services","certs":301240,"allTimeCerts":925006,"share":0.0237,"turnover":3.1,"usageDays":119,"trustedBy":{"mozilla":true,"microsoft":true,"chrome":true,"apple":true},"storeCount":4,"country":"United States","rootCount":8,"intermediateCount":48,"webCoverage":96.9,"tls":true,"ev":true,"smime":true,"codeSigning":false,"ppm":17.297,"selfReportPct":50,"incidentCount":16,"matched":true,"inferred":false,"parent":"","note":"Volume may be undercounted. Cross-signed roots mean some certificates issued under Amazon Trust Services may be attributed to: GoDaddy.","issuanceCaveat":"undercounted_cross_sign","crtshUrl":"https://crt.sh/?CAName=Amazon%20Trust%20Services"},{"rank":18,"id":"d-trust","caSlug":"d-trust","caOwner":"D-Trust","certs":69104,"allTimeCerts":152841,"share":0.0054,"turnover":2.2,"usageDays":165,"trustedBy":{"mozilla":true,"microsoft":true,"chrome":true,"apple":true},"storeCount":4,"country":"Germany","rootCount":12,"intermediateCount":39,"webCoverage":96.9,"tls":true,"ev":true,"smime":true,"codeSigning":false,"ppm":null,"selfReportPct":null,"incidentCount":0,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=D-Trust"},{"rank":19,"id":"taiwan-ca-inc-twca","caSlug":"taiwan-ca-inc-twca","caOwner":"Taiwan-CA Inc. (TWCA)","certs":59857,"allTimeCerts":353509,"share":0.0047,"turnover":5.9,"usageDays":62,"trustedBy":{"mozilla":true,"microsoft":true,"chrome":true,"apple":true},"storeCount":4,"country":"Taiwan (Republic of China)","rootCount":5,"intermediateCount":16,"webCoverage":96.9,"tls":true,"ev":true,"smime":true,"codeSigning":false,"ppm":42.432,"selfReportPct":60,"incidentCount":15,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=Taiwan-CA%20Inc.%20%28TWCA%29"},{"rank":20,"id":"swisssign-ag","caSlug":"swisssign-ag","caOwner":"SwissSign AG","certs":45325,"allTimeCerts":174823,"share":0.0036,"turnover":3.9,"usageDays":95,"trustedBy":{"mozilla":true,"microsoft":true,"chrome":true,"apple":true},"storeCount":4,"country":"Switzerland","rootCount":8,"intermediateCount":3,"webCoverage":96.9,"tls":true,"ev":true,"smime":true,"codeSigning":false,"ppm":371.805,"selfReportPct":77,"incidentCount":65,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=SwissSign%20AG"},{"rank":21,"id":"secom-trust-systems-co-ltd","caSlug":"secom-trust-systems-co-ltd","caOwner":"SECOM Trust Systems CO., LTD.","certs":40095,"allTimeCerts":488676,"share":0.0032,"turnover":12.2,"usageDays":30,"trustedBy":{"mozilla":true,"microsoft":true,"chrome":true,"apple":true},"storeCount":4,"country":"Japan","rootCount":12,"intermediateCount":41,"webCoverage":96.9,"tls":true,"ev":true,"smime":true,"codeSigning":true,"ppm":73.668,"selfReportPct":53,"incidentCount":36,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=SECOM%20Trust%20Systems%20CO.%2C%20LTD."},{"rank":22,"id":"telia-company","caSlug":"telia-company","caOwner":"Telia Company","certs":35392,"allTimeCerts":137353,"share":0.0028,"turnover":3.9,"usageDays":94,"trustedBy":{"mozilla":true,"microsoft":true,"chrome":true,"apple":true},"storeCount":4,"country":"Sweden","rootCount":12,"intermediateCount":28,"webCoverage":96.9,"tls":true,"ev":false,"smime":true,"codeSigning":false,"ppm":269.379,"selfReportPct":68,"incidentCount":37,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=Telia%20Company"},{"rank":23,"id":"cybertrust-japan-co-ltd","caSlug":"cybertrust-japan-co-ltd","caOwner":"Cybertrust Japan Co., Ltd.","certs":33396,"allTimeCerts":205128,"share":0.0026,"turnover":6.1,"usageDays":59,"trustedBy":{"mozilla":true,"microsoft":true,"chrome":false,"apple":false},"storeCount":2,"country":"Japan","rootCount":13,"intermediateCount":9,"webCoverage":2.3,"tls":true,"ev":true,"smime":true,"codeSigning":false,"ppm":14.625,"selfReportPct":33,"incidentCount":3,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=Cybertrust%20Japan%20Co.%2C%20Ltd."},{"rank":24,"id":"shanghai-electronic-certification-authority-co-ltd","caSlug":"shanghai-electronic-certification-authority-co-ltd","caOwner":"Shanghai Electronic Certification Authority Co., Ltd.","certs":31608,"allTimeCerts":64566,"share":0.0025,"turnover":2.0,"usageDays":179,"trustedBy":{"mozilla":true,"microsoft":true,"chrome":true,"apple":false},"storeCount":3,"country":"China","rootCount":12,"intermediateCount":60,"webCoverage":80.5,"tls":true,"ev":true,"smime":true,"codeSigning":true,"ppm":418.177,"selfReportPct":70,"incidentCount":27,"matched":true,"inferred":false,"parent":"","note":"Volume may be undercounted. Cross-signed roots mean some certificates issued under Shanghai Electronic Certification Authority Co., Ltd. may be attributed to: Asseco Data Systems S.A..","issuanceCaveat":"undercounted_cross_sign","crtshUrl":"https://crt.sh/?CAName=Shanghai%20Electronic%20Certification%20Authority%20Co.%2C%20Ltd."},{"rank":26,"id":"deutsche-telekom-security-gmbh","caSlug":"deutsche-telekom-security-gmbh","caOwner":"Deutsche Telekom Security GmbH","certs":20806,"allTimeCerts":120903,"share":0.0016,"turnover":5.8,"usageDays":63,"trustedBy":{"mozilla":true,"microsoft":true,"chrome":true,"apple":true},"storeCount":4,"country":"Germany","rootCount":7,"intermediateCount":37,"webCoverage":96.9,"tls":true,"ev":true,"smime":true,"codeSigning":false,"ppm":239.862,"selfReportPct":48,"incidentCount":29,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=Deutsche%20Telekom%20Security%20GmbH"},{"rank":27,"id":"naver-cloud-trust-services","caSlug":"naver-cloud-trust-services","caOwner":"NAVER Cloud Trust Services","certs":15146,"allTimeCerts":22247,"share":0.0012,"turnover":1.5,"usageDays":248,"trustedBy":{"mozilla":true,"microsoft":true,"chrome":true,"apple":true},"storeCount":4,"country":"Republic of Korea (South Korea)","rootCount":3,"intermediateCount":10,"webCoverage":96.9,"tls":true,"ev":false,"smime":true,"codeSigning":false,"ppm":449.499,"selfReportPct":70,"incidentCount":10,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=NAVER%20Cloud%20Trust%20Services"},{"rank":28,"id":"emudhra-technologies-limited","caSlug":"emudhra-technologies-limited","caOwner":"eMudhra Technologies Limited","certs":8463,"allTimeCerts":32294,"share":0.0007,"turnover":3.8,"usageDays":96,"trustedBy":{"mozilla":true,"microsoft":true,"chrome":true,"apple":true},"storeCount":4,"country":"India","rootCount":16,"intermediateCount":50,"webCoverage":96.9,"tls":true,"ev":true,"smime":true,"codeSigning":true,"ppm":588.345,"selfReportPct":79,"incidentCount":19,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=eMudhra%20Technologies%20Limited"},{"rank":29,"id":"china-financial-certification-authority-cfca","caSlug":"china-financial-certification-authority-cfca","caOwner":"China Financial Certification Authority (CFCA)","certs":5284,"allTimeCerts":26925,"share":0.0004,"turnover":5.1,"usageDays":72,"trustedBy":{"mozilla":true,"microsoft":true,"chrome":true,"apple":true},"storeCount":4,"country":"China","rootCount":9,"intermediateCount":3,"webCoverage":96.9,"tls":true,"ev":true,"smime":true,"codeSigning":false,"ppm":1151.346,"selfReportPct":48,"incidentCount":31,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=China%20Financial%20Certification%20Authority%20%28CFCA%29"},{"rank":30,"id":"chunghwa-telecom","caSlug":"chunghwa-telecom","caOwner":"Chunghwa Telecom","certs":4786,"allTimeCerts":41711,"share":0.0004,"turnover":8.7,"usageDays":42,"trustedBy":{"mozilla":true,"microsoft":true,"chrome":true,"apple":true},"storeCount":4,"country":"Taiwan, Republic of China","rootCount":6,"intermediateCount":7,"webCoverage":96.9,"tls":true,"ev":true,"smime":true,"codeSigning":true,"ppm":671.286,"selfReportPct":71,"incidentCount":28,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=Chunghwa%20Telecom"},{"rank":31,"id":"certsign","caSlug":"certsign","caOwner":"certSIGN","certs":4232,"allTimeCerts":18639,"share":0.0003,"turnover":4.4,"usageDays":83,"trustedBy":{"mozilla":true,"microsoft":true,"chrome":true,"apple":true},"storeCount":4,"country":"Romania","rootCount":3,"intermediateCount":8,"webCoverage":96.9,"tls":true,"ev":true,"smime":true,"codeSigning":false,"ppm":1126.67,"selfReportPct":76,"incidentCount":21,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=certSIGN"},{"rank":32,"id":"oiste","caSlug":"oiste","caOwner":"OISTE","certs":3741,"allTimeCerts":3767,"share":0.0003,"turnover":1.0,"usageDays":362,"trustedBy":{"mozilla":true,"microsoft":true,"chrome":true,"apple":true},"storeCount":4,"country":"Switzerland","rootCount":7,"intermediateCount":21,"webCoverage":96.9,"tls":true,"ev":true,"smime":true,"codeSigning":false,"ppm":null,"selfReportPct":null,"incidentCount":0,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=OISTE"},{"rank":33,"id":"government-of-hong-kong-sar-hongkong-post-certizen","caSlug":"government-of-hong-kong-sar-hongkong-post-certizen","caOwner":"Government of Hong Kong (SAR), Hongkong Post, Certizen","certs":2851,"allTimeCerts":16167,"share":0.0002,"turnover":5.7,"usageDays":64,"trustedBy":{"mozilla":true,"microsoft":true,"chrome":true,"apple":true},"storeCount":4,"country":"China","rootCount":4,"intermediateCount":5,"webCoverage":96.9,"tls":true,"ev":true,"smime":true,"codeSigning":false,"ppm":494.835,"selfReportPct":88,"incidentCount":8,"matched":true,"inferred":false,"parent":"","note":"Volume may be undercounted. Cross-signed roots mean some certificates issued under Government of Hong Kong (SAR), Hongkong Post, Certizen may be attributed to: GlobalSign nv-sa.","issuanceCaveat":"undercounted_cross_sign","crtshUrl":"https://crt.sh/?CAName=Government%20of%20Hong%20Kong%20%28SAR%29%2C%20Hongkong%20Post%2C%20Certizen"},{"rank":34,"id":"government-of-spain-f-brica-nacional-de-moneda-y-timbre-fnmt","caSlug":"government-of-spain-f-brica-nacional-de-moneda-y-timbre-fnmt","caOwner":"Government of Spain, F\u00e1brica Nacional de Moneda y Timbre (FNMT)","certs":2819,"allTimeCerts":16148,"share":0.0002,"turnover":5.7,"usageDays":64,"trustedBy":{"mozilla":true,"microsoft":true,"chrome":true,"apple":true},"storeCount":4,"country":"Spain","rootCount":7,"intermediateCount":10,"webCoverage":96.9,"tls":true,"ev":true,"smime":true,"codeSigning":false,"ppm":1052.762,"selfReportPct":76,"incidentCount":17,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=Government%20of%20Spain%2C%20F%C3%A1brica%20Nacional%20de%20Moneda%20y%20Timbre%20%28FNMT%29"},{"rank":35,"id":"certigna","caSlug":"certigna","caOwner":"Certigna","certs":2789,"allTimeCerts":77210,"share":0.0002,"turnover":27.7,"usageDays":13,"trustedBy":{"mozilla":true,"microsoft":true,"chrome":true,"apple":true},"storeCount":4,"country":"France","rootCount":6,"intermediateCount":10,"webCoverage":96.9,"tls":true,"ev":true,"smime":true,"codeSigning":true,"ppm":349.696,"selfReportPct":44,"incidentCount":27,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=Certigna"},{"rank":36,"id":"microsec-ltd","caSlug":"microsec-ltd","caOwner":"Microsec Ltd.","certs":2716,"allTimeCerts":11075,"share":0.0002,"turnover":4.1,"usageDays":90,"trustedBy":{"mozilla":true,"microsoft":true,"chrome":true,"apple":true},"storeCount":4,"country":"Hungary","rootCount":11,"intermediateCount":45,"webCoverage":96.9,"tls":true,"ev":false,"smime":true,"codeSigning":true,"ppm":1534.989,"selfReportPct":65,"incidentCount":17,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=Microsec%20Ltd."},{"rank":37,"id":"government-of-spain-autoritat-de-certificaci-de-la-comunitat-valenciana-accv","caSlug":"government-of-spain-autoritat-de-certificaci-de-la-comunitat-valenciana-accv","caOwner":"Government of Spain, Autoritat de Certificaci\u00f3 de la Comunitat Valenciana (ACCV)","certs":2555,"allTimeCerts":17013,"share":0.0002,"turnover":6.7,"usageDays":55,"trustedBy":{"mozilla":true,"microsoft":true,"chrome":true,"apple":true},"storeCount":4,"country":"Spain","rootCount":6,"intermediateCount":4,"webCoverage":96.9,"tls":true,"ev":false,"smime":true,"codeSigning":false,"ppm":411.45,"selfReportPct":71,"incidentCount":7,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=Government%20of%20Spain%2C%20Autoritat%20de%20Certificaci%C3%B3%20de%20la%20Comunitat%20Valenciana%20%28ACCV%29"},{"rank":38,"id":"buypass","caSlug":"buypass","caOwner":"Buypass","certs":2531,"allTimeCerts":1293950,"share":0.0002,"turnover":511.2,"usageDays":1,"trustedBy":{"mozilla":true,"microsoft":true,"chrome":true,"apple":true},"storeCount":4,"country":"Norway","rootCount":5,"intermediateCount":4,"webCoverage":96.9,"tls":true,"ev":true,"smime":false,"codeSigning":false,"ppm":12.365,"selfReportPct":88,"incidentCount":16,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=Buypass"},{"rank":39,"id":"government-of-finland-population-register-centre-s-v-est-rekisterikeskus-vrk","caSlug":"government-of-finland-population-register-centre-s-v-est-rekisterikeskus-vrk","caOwner":"Government of Finland, Population Register Centre\u2019s (V\u00e4est\u00f6rekisterikeskus, VRK)","certs":2507,"allTimeCerts":13545,"share":0.0002,"turnover":5.4,"usageDays":68,"trustedBy":{"mozilla":false,"microsoft":true,"chrome":false,"apple":false},"storeCount":1,"country":"Finland","rootCount":4,"intermediateCount":4,"webCoverage":0.0,"tls":true,"ev":false,"smime":false,"codeSigning":false,"ppm":null,"selfReportPct":null,"incidentCount":0,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=Government%20of%20Finland%2C%20Population%20Register%20Centre%E2%80%99s%20%28V%C3%A4est%C3%B6rekisterikeskus%2C%20VRK%29"},{"rank":40,"id":"wisekey","caSlug":"wisekey","caOwner":"WISeKey","certs":2475,"allTimeCerts":15429,"share":0.0002,"turnover":6.2,"usageDays":59,"trustedBy":{"mozilla":true,"microsoft":true,"chrome":true,"apple":true},"storeCount":4,"country":"Switzerland","rootCount":7,"intermediateCount":21,"webCoverage":96.9,"tls":true,"ev":true,"smime":true,"codeSigning":false,"ppm":1037.008,"selfReportPct":69,"incidentCount":16,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=WISeKey"},{"rank":41,"id":"open-access-technology-international-inc-oati","caSlug":"open-access-technology-international-inc-oati","caOwner":"Open Access Technology International, Inc. (OATI)","certs":2237,"allTimeCerts":11529,"share":0.0002,"turnover":5.2,"usageDays":71,"trustedBy":{"mozilla":false,"microsoft":true,"chrome":false,"apple":false},"storeCount":1,"country":"United States","rootCount":3,"intermediateCount":3,"webCoverage":0.0,"tls":true,"ev":false,"smime":true,"codeSigning":false,"ppm":null,"selfReportPct":null,"incidentCount":0,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=Open%20Access%20Technology%20International%2C%20Inc.%20%28OATI%29"},{"rank":42,"id":"autoridad-de-certificacion-firmaprofesional","caSlug":"autoridad-de-certificacion-firmaprofesional","caOwner":"Autoridad de Certificacion Firmaprofesional","certs":1839,"allTimeCerts":10526,"share":0.0001,"turnover":5.7,"usageDays":64,"trustedBy":{"mozilla":true,"microsoft":true,"chrome":true,"apple":true},"storeCount":4,"country":"Spain","rootCount":4,"intermediateCount":7,"webCoverage":96.9,"tls":true,"ev":true,"smime":true,"codeSigning":false,"ppm":3515.105,"selfReportPct":65,"incidentCount":37,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=Autoridad%20de%20Certificacion%20Firmaprofesional"},{"rank":43,"id":"izenpe-s-a","caSlug":"izenpe-s-a","caOwner":"Izenpe S.A.","certs":1398,"allTimeCerts":7571,"share":0.0001,"turnover":5.4,"usageDays":67,"trustedBy":{"mozilla":true,"microsoft":true,"chrome":true,"apple":true},"storeCount":4,"country":"Spain","rootCount":5,"intermediateCount":6,"webCoverage":96.9,"tls":true,"ev":true,"smime":false,"codeSigning":false,"ppm":3037.908,"selfReportPct":57,"incidentCount":23,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=Izenpe%20S.A."},{"rank":44,"id":"eviden","caSlug":"eviden","caOwner":"Eviden","certs":1362,"allTimeCerts":17557,"share":0.0001,"turnover":12.9,"usageDays":28,"trustedBy":{"mozilla":true,"microsoft":true,"chrome":true,"apple":true},"storeCount":4,"country":"Germany","rootCount":5,"intermediateCount":34,"webCoverage":96.9,"tls":true,"ev":false,"smime":true,"codeSigning":true,"ppm":284.787,"selfReportPct":40,"incidentCount":5,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=Eviden"},{"rank":45,"id":"postsignum","caSlug":"postsignum","caOwner":"PostSignum","certs":1028,"allTimeCerts":5445,"share":0.0001,"turnover":5.3,"usageDays":69,"trustedBy":{"mozilla":false,"microsoft":true,"chrome":false,"apple":false},"storeCount":1,"country":"Czechia","rootCount":3,"intermediateCount":2,"webCoverage":0.0,"tls":true,"ev":false,"smime":true,"codeSigning":false,"ppm":367.309,"selfReportPct":100,"incidentCount":2,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=PostSignum"},{"rank":46,"id":"global-digital-cybersecurity-authority-co-ltd-formerly-guang-dong-certificate-authority-gdca","caSlug":"global-digital-cybersecurity-authority-co-ltd-formerly-guang-dong-certificate-authority-gdca","caOwner":"Global Digital Cybersecurity Authority Co., Ltd. (Formerly Guang Dong Certificate Authority (GDCA))","certs":522,"allTimeCerts":5778,"share":0.0,"turnover":11.1,"usageDays":33,"trustedBy":{"mozilla":true,"microsoft":true,"chrome":true,"apple":true},"storeCount":4,"country":"China","rootCount":1,"intermediateCount":12,"webCoverage":96.9,"tls":true,"ev":true,"smime":true,"codeSigning":true,"ppm":1557.632,"selfReportPct":78,"incidentCount":9,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=Global%20Digital%20Cybersecurity%20Authority%20Co.%2C%20Ltd.%20%28Formerly%20Guang%20Dong%20Certificate%20Authority%20%28GDCA%29%29"},{"rank":47,"id":"government-of-brazil-instituto-nacional-de-tecnologia-da-informa-o-iti","caSlug":"government-of-brazil-instituto-nacional-de-tecnologia-da-informa-o-iti","caOwner":"Government of Brazil, Instituto Nacional de Tecnologia da Informa\u00e7\u00e3o (ITI)","certs":518,"allTimeCerts":7352,"share":0.0,"turnover":14.2,"usageDays":26,"trustedBy":{"mozilla":false,"microsoft":true,"chrome":false,"apple":false},"storeCount":1,"country":"Brazil","rootCount":6,"intermediateCount":5,"webCoverage":0.0,"tls":true,"ev":false,"smime":true,"codeSigning":false,"ppm":null,"selfReportPct":null,"incidentCount":0,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=Government%20of%20Brazil%2C%20Instituto%20Nacional%20de%20Tecnologia%20da%20Informa%C3%A7%C3%A3o%20%28ITI%29"},{"rank":49,"id":"prvn-certifika-n-autorita-a-s","caSlug":"prvn-certifika-n-autorita-a-s","caOwner":"Prvn\u00ed certifika\u010dn\u00ed autorita, a.s.","certs":363,"allTimeCerts":2325,"share":0.0,"turnover":6.4,"usageDays":57,"trustedBy":{"mozilla":false,"microsoft":true,"chrome":false,"apple":false},"storeCount":1,"country":"Czechia","rootCount":9,"intermediateCount":12,"webCoverage":0.0,"tls":true,"ev":false,"smime":true,"codeSigning":false,"ppm":null,"selfReportPct":null,"incidentCount":0,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=Prvn%C3%AD%20certifika%C4%8Dn%C3%AD%20autorita%2C%20a.s."},{"rank":50,"id":"disig-a-s","caSlug":"disig-a-s","caOwner":"Disig, a.s.","certs":352,"allTimeCerts":1582,"share":0.0,"turnover":4.5,"usageDays":81,"trustedBy":{"mozilla":true,"microsoft":true,"chrome":true,"apple":true},"storeCount":4,"country":"Slovakia","rootCount":5,"intermediateCount":4,"webCoverage":96.9,"tls":true,"ev":false,"smime":true,"codeSigning":false,"ppm":6953.224,"selfReportPct":55,"incidentCount":11,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=Disig%2C%20a.s."},{"rank":51,"id":"financijska-agencija-fina","caSlug":"financijska-agencija-fina","caOwner":"Financijska agencija (Fina)","certs":331,"allTimeCerts":1916,"share":0.0,"turnover":5.8,"usageDays":63,"trustedBy":{"mozilla":false,"microsoft":true,"chrome":false,"apple":false},"storeCount":1,"country":"Croatia","rootCount":1,"intermediateCount":0,"webCoverage":0.0,"tls":false,"ev":false,"smime":true,"codeSigning":false,"ppm":null,"selfReportPct":null,"incidentCount":0,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=Financijska%20agencija%20%28Fina%29"},{"rank":52,"id":"krajowa-izba-rozliczeniowa-s-a-kir","caSlug":"krajowa-izba-rozliczeniowa-s-a-kir","caOwner":"Krajowa Izba Rozliczeniowa S.A. (KIR)","certs":305,"allTimeCerts":2853,"share":0.0,"turnover":9.4,"usageDays":39,"trustedBy":{"mozilla":true,"microsoft":true,"chrome":true,"apple":false},"storeCount":3,"country":"Poland","rootCount":5,"intermediateCount":2,"webCoverage":80.5,"tls":true,"ev":false,"smime":true,"codeSigning":false,"ppm":6659.657,"selfReportPct":0,"incidentCount":19,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=Krajowa%20Izba%20Rozliczeniowa%20S.A.%20%28KIR%29"},{"rank":53,"id":"government-of-korea-klid","caSlug":"government-of-korea-klid","caOwner":"Government of Korea, KLID","certs":172,"allTimeCerts":8645,"share":0.0,"turnover":50.3,"usageDays":7,"trustedBy":{"mozilla":false,"microsoft":true,"chrome":false,"apple":false},"storeCount":1,"country":"Republic of Korea (South Korea)","rootCount":5,"intermediateCount":1,"webCoverage":0.0,"tls":true,"ev":false,"smime":false,"codeSigning":false,"ppm":null,"selfReportPct":null,"incidentCount":0,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=Government%20of%20Korea%2C%20KLID"},{"rank":54,"id":"government-of-india-ministry-of-communications-information-technology-controller-of-certifying-authorities-cca","caSlug":"government-of-india-ministry-of-communications-information-technology-controller-of-certifying-authorities-cca","caOwner":"Government of India, Ministry of Communications & Information Technology, Controller of Certifying Authorities (CCA)","certs":157,"allTimeCerts":856,"share":0.0,"turnover":5.5,"usageDays":67,"trustedBy":{"mozilla":false,"microsoft":true,"chrome":false,"apple":false},"storeCount":1,"country":"India","rootCount":6,"intermediateCount":0,"webCoverage":0.0,"tls":true,"ev":false,"smime":true,"codeSigning":false,"ppm":null,"selfReportPct":null,"incidentCount":0,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=Government%20of%20India%2C%20Ministry%20of%20Communications%20%26%20Information%20Technology%2C%20Controller%20of%20Certifying%20Authorities%20%28CCA%29"},{"rank":55,"id":"government-of-turkey-kamu-sertifikasyon-merkezi-kamu-sm","caSlug":"government-of-turkey-kamu-sertifikasyon-merkezi-kamu-sm","caOwner":"Government of Turkey, Kamu Sertifikasyon Merkezi (Kamu SM)","certs":146,"allTimeCerts":928,"share":0.0,"turnover":6.4,"usageDays":57,"trustedBy":{"mozilla":true,"microsoft":true,"chrome":true,"apple":true},"storeCount":4,"country":"Turkey","rootCount":3,"intermediateCount":2,"webCoverage":96.9,"tls":true,"ev":false,"smime":false,"codeSigning":false,"ppm":3232.759,"selfReportPct":0,"incidentCount":3,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=Government%20of%20Turkey%2C%20Kamu%20Sertifikasyon%20Merkezi%20%28Kamu%20SM%29"},{"rank":56,"id":"a-trust","caSlug":"a-trust","caOwner":"A-Trust","certs":145,"allTimeCerts":385,"share":0.0,"turnover":2.7,"usageDays":137,"trustedBy":{"mozilla":false,"microsoft":true,"chrome":false,"apple":false},"storeCount":1,"country":"Austria","rootCount":11,"intermediateCount":0,"webCoverage":0.0,"tls":true,"ev":true,"smime":false,"codeSigning":false,"ppm":null,"selfReportPct":null,"incidentCount":0,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=A-Trust"},{"rank":57,"id":"netlock","caSlug":"netlock","caOwner":"Netlock","certs":92,"allTimeCerts":20075,"share":0.0,"turnover":218.2,"usageDays":2,"trustedBy":{"mozilla":true,"microsoft":true,"chrome":true,"apple":false},"storeCount":3,"country":"Hungary","rootCount":13,"intermediateCount":15,"webCoverage":80.5,"tls":true,"ev":true,"smime":true,"codeSigning":false,"ppm":1942.715,"selfReportPct":62,"incidentCount":39,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=Netlock"},{"rank":58,"id":"agence-nationale-de-certification-electronique","caSlug":"agence-nationale-de-certification-electronique","caOwner":"Agence Nationale de Certification Electronique","certs":80,"allTimeCerts":816,"share":0.0,"turnover":10.2,"usageDays":36,"trustedBy":{"mozilla":true,"microsoft":true,"chrome":true,"apple":false},"storeCount":3,"country":"Tunisia","rootCount":3,"intermediateCount":2,"webCoverage":80.5,"tls":true,"ev":false,"smime":false,"codeSigning":false,"ppm":4901.961,"selfReportPct":75,"incidentCount":4,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=Agence%20Nationale%20de%20Certification%20Electronique"},{"rank":59,"id":"visa","caSlug":"visa","caOwner":"Visa","certs":61,"allTimeCerts":379,"share":0.0,"turnover":6.2,"usageDays":59,"trustedBy":{"mozilla":false,"microsoft":true,"chrome":false,"apple":false},"storeCount":1,"country":"United States","rootCount":5,"intermediateCount":3,"webCoverage":0.0,"tls":true,"ev":false,"smime":true,"codeSigning":false,"ppm":7915.567,"selfReportPct":0,"incidentCount":3,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=Visa"},{"rank":60,"id":"edicom","caSlug":"edicom","caOwner":"EDICOM","certs":47,"allTimeCerts":335,"share":0.0,"turnover":7.1,"usageDays":51,"trustedBy":{"mozilla":false,"microsoft":true,"chrome":false,"apple":false},"storeCount":1,"country":"Spain","rootCount":2,"intermediateCount":1,"webCoverage":0.0,"tls":true,"ev":false,"smime":false,"codeSigning":false,"ppm":null,"selfReportPct":null,"incidentCount":0,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=EDICOM"},{"rank":62,"id":"beijing-certificate-authority-co-ltd","caSlug":"beijing-certificate-authority-co-ltd","caOwner":"BEIJING CERTIFICATE AUTHORITY Co., Ltd.","certs":16,"allTimeCerts":62,"share":0.0,"turnover":3.9,"usageDays":94,"trustedBy":{"mozilla":true,"microsoft":false,"chrome":false,"apple":false},"storeCount":1,"country":"China","rootCount":6,"intermediateCount":17,"webCoverage":2.3,"tls":true,"ev":true,"smime":false,"codeSigning":false,"ppm":null,"selfReportPct":null,"incidentCount":0,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=BEIJING%20CERTIFICATE%20AUTHORITY%20Co.%2C%20Ltd."},{"rank":63,"id":"itruschina-co-ltd","caSlug":"itruschina-co-ltd","caOwner":"iTrusChina Co., Ltd.","certs":11,"allTimeCerts":61,"share":0.0,"turnover":5.5,"usageDays":66,"trustedBy":{"mozilla":true,"microsoft":false,"chrome":true,"apple":false},"storeCount":2,"country":"China","rootCount":2,"intermediateCount":8,"webCoverage":80.5,"tls":true,"ev":true,"smime":false,"codeSigning":false,"ppm":null,"selfReportPct":null,"incidentCount":0,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=iTrusChina%20Co.%2C%20Ltd."},{"rank":64,"id":"autoridad-de-certificaci-n-anf-ac","caSlug":"autoridad-de-certificaci-n-anf-ac","caOwner":"Autoridad de Certificaci\u00f3n (ANF AC)","certs":8,"allTimeCerts":38,"share":0.0,"turnover":4.8,"usageDays":77,"trustedBy":{"mozilla":true,"microsoft":true,"chrome":true,"apple":false},"storeCount":3,"country":"Spain","rootCount":5,"intermediateCount":1,"webCoverage":80.5,"tls":true,"ev":true,"smime":false,"codeSigning":false,"ppm":210526.316,"selfReportPct":88,"incidentCount":8,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=Autoridad%20de%20Certificaci%C3%B3n%20%28ANF%20AC%29"},{"rank":65,"id":"e-commerce-monitoring-gmbh","caSlug":"e-commerce-monitoring-gmbh","caOwner":"e-commerce monitoring GmbH","certs":6,"allTimeCerts":245,"share":0.0,"turnover":40.8,"usageDays":9,"trustedBy":{"mozilla":false,"microsoft":true,"chrome":false,"apple":false},"storeCount":1,"country":"Austria","rootCount":5,"intermediateCount":34,"webCoverage":0.0,"tls":true,"ev":true,"smime":true,"codeSigning":true,"ppm":null,"selfReportPct":null,"incidentCount":0,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=e-commerce%20monitoring%20GmbH"},{"rank":79,"id":"verizon-terremark-nv","caSlug":"verizon-terremark-nv","caOwner":"Verizon Terremark NV","certs":0,"allTimeCerts":6891,"share":0.0,"turnover":0,"usageDays":0,"trustedBy":{"mozilla":true,"microsoft":true,"chrome":true,"apple":true},"storeCount":4,"country":"United States","rootCount":110,"intermediateCount":565,"webCoverage":96.9,"tls":true,"ev":true,"smime":true,"codeSigning":true,"ppm":null,"selfReportPct":null,"incidentCount":0,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=Verizon%20Terremark%20NV"},{"rank":80,"id":"verizon","caSlug":"verizon","caOwner":"Verizon","certs":0,"allTimeCerts":5,"share":0.0,"turnover":0,"usageDays":0,"trustedBy":{"mozilla":true,"microsoft":true,"chrome":true,"apple":true},"storeCount":4,"country":"United States","rootCount":110,"intermediateCount":565,"webCoverage":96.9,"tls":true,"ev":true,"smime":true,"codeSigning":true,"ppm":null,"selfReportPct":null,"incidentCount":0,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=Verizon"},{"rank":81,"id":"ac-camerfirma-s-a","caSlug":"ac-camerfirma-s-a","caOwner":"AC Camerfirma, S.A.","certs":0,"allTimeCerts":6766,"share":0.0,"turnover":0,"usageDays":0,"trustedBy":{"mozilla":false,"microsoft":true,"chrome":false,"apple":false},"storeCount":1,"country":"Spain","rootCount":7,"intermediateCount":12,"webCoverage":0.0,"tls":false,"ev":false,"smime":true,"codeSigning":true,"ppm":null,"selfReportPct":null,"incidentCount":0,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=AC%20Camerfirma%2C%20S.A."},{"rank":82,"id":"quovadis-trustlink-b-v","caSlug":"quovadis-trustlink-b-v","caOwner":"QuoVadis Trustlink B.V.","certs":0,"allTimeCerts":18282,"share":0.0,"turnover":0,"usageDays":0,"trustedBy":{"mozilla":true,"microsoft":true,"chrome":true,"apple":true},"storeCount":4,"country":"United States","rootCount":110,"intermediateCount":565,"webCoverage":96.9,"tls":true,"ev":true,"smime":true,"codeSigning":true,"ppm":null,"selfReportPct":null,"incidentCount":0,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=QuoVadis%20Trustlink%20B.V."},{"rank":83,"id":"t-systems-international-gmbh","caSlug":"t-systems-international-gmbh","caOwner":"T-Systems International GmbH","certs":0,"allTimeCerts":4,"share":0.0,"turnover":0,"usageDays":0,"trustedBy":{"mozilla":true,"microsoft":true,"chrome":true,"apple":true},"storeCount":4,"country":"Germany","rootCount":7,"intermediateCount":37,"webCoverage":96.9,"tls":true,"ev":true,"smime":true,"codeSigning":false,"ppm":null,"selfReportPct":null,"incidentCount":0,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=T-Systems%20International%20GmbH"},{"rank":89,"id":"siemens-ag","caSlug":"siemens-ag","caOwner":"Siemens AG","certs":0,"allTimeCerts":7408,"share":0.0,"turnover":0,"usageDays":0,"trustedBy":{"mozilla":true,"microsoft":true,"chrome":true,"apple":true},"storeCount":4,"country":"Germany","rootCount":5,"intermediateCount":34,"webCoverage":96.9,"tls":true,"ev":false,"smime":true,"codeSigning":true,"ppm":null,"selfReportPct":null,"incidentCount":0,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=Siemens%20AG"},{"rank":90,"id":"consorci-administraci-oberta-de-catalunya-consorci-aoc-catcert","caSlug":"consorci-administraci-oberta-de-catalunya-consorci-aoc-catcert","caOwner":"Consorci Administraci\u00f3 Oberta de Catalunya (Consorci AOC, CATCert)","certs":0,"allTimeCerts":2831,"share":0.0,"turnover":0,"usageDays":0,"trustedBy":{"mozilla":false,"microsoft":true,"chrome":false,"apple":false},"storeCount":1,"country":"Spain","rootCount":1,"intermediateCount":4,"webCoverage":0.0,"tls":false,"ev":false,"smime":true,"codeSigning":false,"ppm":null,"selfReportPct":null,"incidentCount":0,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=Consorci%20Administraci%C3%B3%20Oberta%20de%20Catalunya%20%28Consorci%20AOC%2C%20CATCert%29"},{"rank":91,"id":"multicert","caSlug":"multicert","caOwner":"MULTICERT","certs":0,"allTimeCerts":4197,"share":0.0,"turnover":0,"usageDays":0,"trustedBy":{"mozilla":false,"microsoft":true,"chrome":false,"apple":false},"storeCount":1,"country":"Portugal","rootCount":1,"intermediateCount":4,"webCoverage":0.0,"tls":false,"ev":false,"smime":false,"codeSigning":false,"ppm":null,"selfReportPct":null,"incidentCount":0,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=MULTICERT"},{"rank":92,"id":"swiss-bit-swiss-federal-office-of-information-technology-systems-and-telecommunication-foitt","caSlug":"swiss-bit-swiss-federal-office-of-information-technology-systems-and-telecommunication-foitt","caOwner":"Swiss BIT, Swiss Federal Office of Information Technology, Systems and Telecommunication (FOITT)","certs":0,"allTimeCerts":0,"share":0.0,"turnover":0,"usageDays":0,"trustedBy":{"mozilla":false,"microsoft":true,"chrome":false,"apple":false},"storeCount":1,"country":"Switzerland","rootCount":6,"intermediateCount":0,"webCoverage":0.0,"tls":false,"ev":true,"smime":true,"codeSigning":false,"ppm":null,"selfReportPct":null,"incidentCount":0,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=Swiss%20BIT%2C%20Swiss%20Federal%20Office%20of%20Information%20Technology%2C%20Systems%20and%20Telecommunication%20%28FOITT%29"},{"rank":93,"id":"government-of-the-netherlands-pkioverheid-logius","caSlug":"government-of-the-netherlands-pkioverheid-logius","caOwner":"Government of The Netherlands, PKIoverheid (Logius)","certs":0,"allTimeCerts":4,"share":0.0,"turnover":0,"usageDays":0,"trustedBy":{"mozilla":true,"microsoft":true,"chrome":false,"apple":false},"storeCount":2,"country":"Netherlands","rootCount":5,"intermediateCount":8,"webCoverage":2.3,"tls":true,"ev":true,"smime":true,"codeSigning":false,"ppm":11250000.0,"selfReportPct":71,"incidentCount":45,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=Government%20of%20The%20Netherlands%2C%20PKIoverheid%20%28Logius%29"},{"rank":95,"id":"si-trust","caSlug":"si-trust","caOwner":"SI-TRUST","certs":0,"allTimeCerts":0,"share":0.0,"turnover":0,"usageDays":0,"trustedBy":{"mozilla":false,"microsoft":true,"chrome":false,"apple":false},"storeCount":1,"country":"Slovenia","rootCount":3,"intermediateCount":3,"webCoverage":0.0,"tls":true,"ev":false,"smime":true,"codeSigning":false,"ppm":null,"selfReportPct":null,"incidentCount":0,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=SI-TRUST"},{"rank":99,"id":"docaposte-certinomis-sas","caSlug":"docaposte-certinomis-sas","caOwner":"Docaposte Certinomis SAS","certs":0,"allTimeCerts":1375,"share":0.0,"turnover":0,"usageDays":0,"trustedBy":{"mozilla":false,"microsoft":true,"chrome":false,"apple":false},"storeCount":1,"country":"France","rootCount":2,"intermediateCount":7,"webCoverage":0.0,"tls":true,"ev":false,"smime":true,"codeSigning":false,"ppm":null,"selfReportPct":null,"incidentCount":0,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=Docaposte%20Certinomis%20SAS"},{"rank":100,"id":"quo-vadis-trustlink-b-v","caSlug":"quo-vadis-trustlink-b-v","caOwner":"Quo Vadis Trustlink B.V.","certs":0,"allTimeCerts":15515,"share":0.0,"turnover":0,"usageDays":0,"trustedBy":{"mozilla":true,"microsoft":true,"chrome":true,"apple":true},"storeCount":4,"country":"United States","rootCount":110,"intermediateCount":565,"webCoverage":96.9,"tls":true,"ev":true,"smime":true,"codeSigning":true,"ppm":null,"selfReportPct":null,"incidentCount":0,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=Quo%20Vadis%20Trustlink%20B.V."},{"rank":107,"id":"cybertrust-japan-jcsi","caSlug":"cybertrust-japan-jcsi","caOwner":"Cybertrust Japan / JCSI","certs":0,"allTimeCerts":0,"share":0.0,"turnover":0,"usageDays":0,"trustedBy":{"mozilla":true,"microsoft":true,"chrome":false,"apple":false},"storeCount":2,"country":"Japan","rootCount":13,"intermediateCount":9,"webCoverage":2.3,"tls":true,"ev":true,"smime":true,"codeSigning":false,"ppm":null,"selfReportPct":null,"incidentCount":0,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=Cybertrust%20Japan%20/%20JCSI"},{"rank":109,"id":"government-of-japan-digital-agency","caSlug":"government-of-japan-digital-agency","caOwner":"Government of Japan, Digital Agency","certs":0,"allTimeCerts":0,"share":0.0,"turnover":0,"usageDays":0,"trustedBy":{"mozilla":false,"microsoft":true,"chrome":false,"apple":false},"storeCount":1,"country":"Japan","rootCount":3,"intermediateCount":2,"webCoverage":0.0,"tls":false,"ev":false,"smime":false,"codeSigning":false,"ppm":null,"selfReportPct":null,"incidentCount":0,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=Government%20of%20Japan%2C%20Digital%20Agency"},{"rank":113,"id":"agencia-notarial-de-certificaci-n-ancert","caSlug":"agencia-notarial-de-certificaci-n-ancert","caOwner":"Agencia Notarial de Certificaci\u00f3n (ANCERT)","certs":0,"allTimeCerts":0,"share":0.0,"turnover":0,"usageDays":0,"trustedBy":{"mozilla":false,"microsoft":true,"chrome":false,"apple":false},"storeCount":1,"country":"Spain","rootCount":7,"intermediateCount":0,"webCoverage":0.0,"tls":true,"ev":false,"smime":true,"codeSigning":false,"ppm":null,"selfReportPct":null,"incidentCount":0,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=Agencia%20Notarial%20de%20Certificaci%C3%B3n%20%28ANCERT%29"},{"rank":119,"id":"trustis","caSlug":"trustis","caOwner":"Trustis","certs":0,"allTimeCerts":0,"share":0.0,"turnover":0,"usageDays":0,"trustedBy":{"mozilla":false,"microsoft":true,"chrome":false,"apple":false},"storeCount":1,"country":"United Kingdom of Great Britain and Northern Ireland","rootCount":2,"intermediateCount":0,"webCoverage":0.0,"tls":true,"ev":true,"smime":true,"codeSigning":false,"ppm":null,"selfReportPct":null,"incidentCount":0,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=Trustis"},{"rank":123,"id":"halcom-d-d","caSlug":"halcom-d-d","caOwner":"Halcom D.D.","certs":0,"allTimeCerts":0,"share":0.0,"turnover":0,"usageDays":0,"trustedBy":{"mozilla":false,"microsoft":true,"chrome":false,"apple":false},"storeCount":1,"country":"Slovenia","rootCount":4,"intermediateCount":10,"webCoverage":0.0,"tls":true,"ev":false,"smime":true,"codeSigning":false,"ppm":null,"selfReportPct":null,"incidentCount":0,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=Halcom%20D.D."},{"rank":125,"id":"consejo-general-de-la-abogac-a-espa-ola","caSlug":"consejo-general-de-la-abogac-a-espa-ola","caOwner":"Consejo General de la Abogac\u00eda Espa\u00f1ola","certs":0,"allTimeCerts":4,"share":0.0,"turnover":0,"usageDays":0,"trustedBy":{"mozilla":false,"microsoft":true,"chrome":false,"apple":false},"storeCount":1,"country":"Spain","rootCount":2,"intermediateCount":3,"webCoverage":0.0,"tls":false,"ev":false,"smime":true,"codeSigning":false,"ppm":null,"selfReportPct":null,"incidentCount":0,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=Consejo%20General%20de%20la%20Abogac%C3%ADa%20Espa%C3%B1ola"},{"rank":131,"id":"comsign","caSlug":"comsign","caOwner":"ComSign","certs":0,"allTimeCerts":0,"share":0.0,"turnover":0,"usageDays":0,"trustedBy":{"mozilla":false,"microsoft":true,"chrome":false,"apple":false},"storeCount":1,"country":"Israel","rootCount":4,"intermediateCount":6,"webCoverage":0.0,"tls":true,"ev":false,"smime":true,"codeSigning":false,"ppm":null,"selfReportPct":null,"incidentCount":0,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=ComSign"},{"rank":134,"id":"netrust-pte-ltd","caSlug":"netrust-pte-ltd","caOwner":"Netrust Pte Ltd","certs":0,"allTimeCerts":0,"share":0.0,"turnover":0,"usageDays":0,"trustedBy":{"mozilla":false,"microsoft":true,"chrome":false,"apple":false},"storeCount":1,"country":"Singapore","rootCount":2,"intermediateCount":2,"webCoverage":0.0,"tls":true,"ev":false,"smime":true,"codeSigning":false,"ppm":null,"selfReportPct":null,"incidentCount":0,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=Netrust%20Pte%20Ltd"},{"rank":138,"id":"skaitmeninio-sertifikavimo-centras-ssc","caSlug":"skaitmeninio-sertifikavimo-centras-ssc","caOwner":"Skaitmeninio sertifikavimo centras (SSC)","certs":0,"allTimeCerts":0,"share":0.0,"turnover":0,"usageDays":0,"trustedBy":{"mozilla":false,"microsoft":true,"chrome":false,"apple":false},"storeCount":1,"country":"Lithuania","rootCount":6,"intermediateCount":1,"webCoverage":0.0,"tls":false,"ev":true,"smime":true,"codeSigning":false,"ppm":null,"selfReportPct":null,"incidentCount":0,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=Skaitmeninio%20sertifikavimo%20centras%20%28SSC%29"},{"rank":146,"id":"government-of-sweden-f-rs-kringskassan","caSlug":"government-of-sweden-f-rs-kringskassan","caOwner":"Government of Sweden (F\u00f6rs\u00e4kringskassan)","certs":0,"allTimeCerts":0,"share":0.0,"turnover":0,"usageDays":0,"trustedBy":{"mozilla":false,"microsoft":true,"chrome":false,"apple":false},"storeCount":1,"country":"Sweden","rootCount":3,"intermediateCount":0,"webCoverage":0.0,"tls":true,"ev":false,"smime":true,"codeSigning":false,"ppm":null,"selfReportPct":null,"incidentCount":0,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=Government%20of%20Sweden%20%28F%C3%B6rs%C3%A4kringskassan%29"},{"rank":150,"id":"department-of-defence-australia","caSlug":"department-of-defence-australia","caOwner":"Department of Defence Australia","certs":0,"allTimeCerts":0,"share":0.0,"turnover":0,"usageDays":0,"trustedBy":{"mozilla":false,"microsoft":true,"chrome":false,"apple":false},"storeCount":1,"country":"Australia","rootCount":2,"intermediateCount":0,"webCoverage":0.0,"tls":true,"ev":false,"smime":true,"codeSigning":false,"ppm":null,"selfReportPct":null,"incidentCount":0,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=Department%20of%20Defence%20Australia"},{"rank":155,"id":"carillon-information-security-inc","caSlug":"carillon-information-security-inc","caOwner":"Carillon Information Security Inc.","certs":0,"allTimeCerts":0,"share":0.0,"turnover":0,"usageDays":0,"trustedBy":{"mozilla":false,"microsoft":true,"chrome":false,"apple":false},"storeCount":1,"country":"Canada","rootCount":2,"intermediateCount":0,"webCoverage":0.0,"tls":false,"ev":false,"smime":true,"codeSigning":false,"ppm":null,"selfReportPct":null,"incidentCount":0,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=Carillon%20Information%20Security%20Inc."},{"rank":158,"id":"macao-post-and-telecommunications-bureau","caSlug":"macao-post-and-telecommunications-bureau","caOwner":"Macao Post and Telecommunications Bureau","certs":0,"allTimeCerts":0,"share":0.0,"turnover":0,"usageDays":0,"trustedBy":{"mozilla":false,"microsoft":true,"chrome":false,"apple":false},"storeCount":1,"country":"China","rootCount":3,"intermediateCount":7,"webCoverage":0.0,"tls":false,"ev":false,"smime":false,"codeSigning":false,"ppm":null,"selfReportPct":null,"incidentCount":0,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=Macao%20Post%20and%20Telecommunications%20Bureau"},{"rank":164,"id":"trustfactory-pty-ltd","caSlug":"trustfactory-pty-ltd","caOwner":"TrustFactory(Pty)Ltd","certs":0,"allTimeCerts":0,"share":0.0,"turnover":0,"usageDays":0,"trustedBy":{"mozilla":false,"microsoft":true,"chrome":false,"apple":false},"storeCount":1,"country":"South Africa","rootCount":2,"intermediateCount":1,"webCoverage":0.0,"tls":false,"ev":false,"smime":true,"codeSigning":false,"ppm":null,"selfReportPct":null,"incidentCount":0,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=TrustFactory%28Pty%29Ltd"},{"rank":167,"id":"lawtrust","caSlug":"lawtrust","caOwner":"LAWtrust","certs":0,"allTimeCerts":0,"share":0.0,"turnover":0,"usageDays":0,"trustedBy":{"mozilla":true,"microsoft":true,"chrome":false,"apple":false},"storeCount":2,"country":"South Africa","rootCount":3,"intermediateCount":6,"webCoverage":2.3,"tls":false,"ev":false,"smime":true,"codeSigning":false,"ppm":null,"selfReportPct":null,"incidentCount":0,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=LAWtrust"},{"rank":169,"id":"zetes","caSlug":"zetes","caOwner":"Zetes","certs":0,"allTimeCerts":0,"share":0.0,"turnover":0,"usageDays":0,"trustedBy":{"mozilla":false,"microsoft":true,"chrome":false,"apple":false},"storeCount":1,"country":"Belgium","rootCount":1,"intermediateCount":3,"webCoverage":0.0,"tls":false,"ev":false,"smime":true,"codeSigning":false,"ppm":null,"selfReportPct":null,"incidentCount":0,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=Zetes"},{"rank":171,"id":"saudi-data-and-artificial-intelligence-authority-sdaia","caSlug":"saudi-data-and-artificial-intelligence-authority-sdaia","caOwner":"Saudi Data and Artificial Intelligence Authority (SDAIA)","certs":0,"allTimeCerts":0,"share":0.0,"turnover":0,"usageDays":0,"trustedBy":{"mozilla":false,"microsoft":true,"chrome":false,"apple":false},"storeCount":1,"country":"Saudi Arabia","rootCount":2,"intermediateCount":4,"webCoverage":0.0,"tls":false,"ev":false,"smime":true,"codeSigning":false,"ppm":null,"selfReportPct":null,"incidentCount":0,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=Saudi%20Data%20and%20Artificial%20Intelligence%20Authority%20%28SDAIA%29"},{"rank":177,"id":"thailand-national-root-certificate-authority-electronic-transactions-development-agency","caSlug":"thailand-national-root-certificate-authority-electronic-transactions-development-agency","caOwner":"Thailand National Root Certificate Authority (Electronic Transactions Development Agency)","certs":0,"allTimeCerts":0,"share":0.0,"turnover":0,"usageDays":0,"trustedBy":{"mozilla":false,"microsoft":true,"chrome":false,"apple":false},"storeCount":1,"country":"Thailand","rootCount":3,"intermediateCount":2,"webCoverage":0.0,"tls":true,"ev":false,"smime":true,"codeSigning":false,"ppm":null,"selfReportPct":null,"incidentCount":0,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=Thailand%20National%20Root%20Certificate%20Authority%20%28Electronic%20Transactions%20Development%20Agency%29"},{"rank":178,"id":"byte-computer-s-a","caSlug":"byte-computer-s-a","caOwner":"Byte Computer S.A.","certs":0,"allTimeCerts":0,"share":0.0,"turnover":0,"usageDays":0,"trustedBy":{"mozilla":false,"microsoft":true,"chrome":false,"apple":false},"storeCount":1,"country":"Greece","rootCount":1,"intermediateCount":0,"webCoverage":0.0,"tls":false,"ev":false,"smime":true,"codeSigning":false,"ppm":null,"selfReportPct":null,"incidentCount":0,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=Byte%20Computer%20S.A."},{"rank":181,"id":"digitalsign-certificadora-digital-s-a","caSlug":"digitalsign-certificadora-digital-s-a","caOwner":"DigitalSign - Certificadora Digital, S.A.","certs":0,"allTimeCerts":0,"share":0.0,"turnover":0,"usageDays":0,"trustedBy":{"mozilla":true,"microsoft":false,"chrome":false,"apple":false},"storeCount":1,"country":"Portugal","rootCount":2,"intermediateCount":8,"webCoverage":2.3,"tls":false,"ev":false,"smime":true,"codeSigning":false,"ppm":null,"selfReportPct":null,"incidentCount":0,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=DigitalSign%20-%20Certificadora%20Digital%2C%20S.A."},{"rank":192,"id":"notarius","caSlug":"notarius","caOwner":"Notarius","certs":0,"allTimeCerts":0,"share":0.0,"turnover":0,"usageDays":0,"trustedBy":{"mozilla":false,"microsoft":true,"chrome":false,"apple":false},"storeCount":1,"country":"Canada","rootCount":2,"intermediateCount":3,"webCoverage":0.0,"tls":false,"ev":false,"smime":true,"codeSigning":false,"ppm":null,"selfReportPct":null,"incidentCount":0,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=Notarius"},{"rank":220,"id":"image-x-enterprises-inc","caSlug":"image-x-enterprises-inc","caOwner":"Image-X Enterprises Inc","certs":0,"allTimeCerts":0,"share":0.0,"turnover":0,"usageDays":0,"trustedBy":{"mozilla":false,"microsoft":true,"chrome":false,"apple":false},"storeCount":1,"country":"United States","rootCount":1,"intermediateCount":0,"webCoverage":0.0,"tls":false,"ev":false,"smime":false,"codeSigning":false,"ppm":null,"selfReportPct":null,"incidentCount":0,"matched":true,"inferred":false,"parent":"","note":"","issuanceCaveat":"","crtshUrl":"https://crt.sh/?CAName=Image-X%20Enterprises%20Inc"}],"concentration":{"hhi":2396,"hhiLabel":"moderately concentrated","cr3":70.13,"cr5":93.62,"cr7":99.29,"headCount":21,"headPct":99.9717,"tailCount":74,"tailPct":0.0283},"trustSurface":{"totalRoots":329,"totalOwners":88,"allFourStores":{"roots":78,"owners":37},"perStore":{"Mozilla":{"roots":167,"owners":50},"Microsoft":{"roots":305,"owners":83},"Chrome":{"roots":105,"owners":45},"Apple":{"roots":140,"owners":39}},"rootCombinations":[{"stores":["Microsoft"],"count":139},{"stores":["Apple","Chrome","Microsoft","Mozilla"],"count":78},{"stores":["Apple","Microsoft","Mozilla"],"count":35},{"stores":["Apple","Microsoft"],"count":20},{"stores":["Chrome","Microsoft","Mozilla"],"count":19},{"stores":["Microsoft","Mozilla"],"count":13},{"stores":["Mozilla"],"count":12},{"stores":["Chrome","Mozilla"],"count":5},{"stores":["Apple","Mozilla"],"count":3},{"stores":["Apple","Chrome","Mozilla"],"count":2},{"stores":["Apple"],"count":2},{"stores":["Chrome","Microsoft"],"count":1}],"ownerCombinations":[{"stores":["Microsoft"],"count":37},{"stores":["Apple","Chrome","Microsoft","Mozilla"],"count":37},{"stores":["Chrome","Microsoft","Mozilla"],"count":5},{"stores":["Microsoft","Mozilla"],"count":3},{"stores":["Mozilla"],"count":2},{"stores":["Chrome","Mozilla"],"count":2},{"stores":["Apple","Chrome","Mozilla"],"count":1},{"stores":["Apple","Microsoft"],"count":1}],"capabilities":{"tls":{"cas":77,"pct":81},"ev":{"cas":48,"pct":51},"smime":{"cas":77,"pct":81},"codeSigning":{"cas":24,"pct":25}}},"chromeRootStoreGrowth":{"source":"chromium/src/net/data/ssl/chrome_root_store commit history","entries":[{"date":"2022-02-16","totalRoots":117,"added":117,"removed":0},{"date":"2022-04-01","totalRoots":115,"added":0,"removed":2},{"date":"2022-04-05","totalRoots":128,"added":19,"removed":6},{"date":"2022-04-08","totalRoots":130,"added":2,"removed":0},{"date":"2022-05-19","totalRoots":132,"added":2,"removed":0},{"date":"2022-08-18","totalRoots":140,"added":10,"removed":2},{"date":"2023-01-14","totalRoots":138,"added":0,"removed":2},{"date":"2023-03-02","totalRoots":135,"added":0,"removed":3},{"date":"2023-06-03","totalRoots":131,"added":0,"removed":4},{"date":"2023-09-20","totalRoots":133,"added":2,"removed":0},{"date":"2023-12-03","totalRoots":134,"added":2,"removed":1},{"date":"2024-03-12","totalRoots":136,"added":2,"removed":0},{"date":"2024-05-30","totalRoots":135,"added":0,"removed":1},{"date":"2024-10-05","totalRoots":134,"added":0,"removed":1},{"date":"2025-03-20","totalRoots":244,"added":110,"removed":0},{"date":"2025-04-24","totalRoots":228,"added":1,"removed":17},{"date":"2025-06-20","totalRoots":239,"added":11,"removed":0},{"date":"2025-06-20","totalRoots":228,"added":0,"removed":11},{"date":"2025-07-09","totalRoots":226,"added":2,"removed":4},{"date":"2025-08-12","totalRoots":237,"added":11,"removed":0},{"date":"2025-10-28","totalRoots":236,"added":0,"removed":1},{"date":"2025-12-16","totalRoots":233,"added":1,"removed":4},{"date":"2026-01-08","totalRoots":239,"added":6,"removed":0},{"date":"2026-02-21","totalRoots":242,"added":4,"removed":1},{"date":"2026-04-14","totalRoots":231,"added":1,"removed":12}]},"geography":[{"region":"United States","caCount":16,"issuancePct":88.59,"certs":1127099684,"countries":[{"country":"United States","caCount":16,"issuancePct":88.59}]},{"region":"Europe","caCount":48,"issuancePct":11.35,"certs":144407756,"countries":[{"country":"United Kingdom","caCount":1,"issuancePct":11.0},{"country":"Belgium","caCount":2,"issuancePct":0.12},{"country":"Italy","caCount":1,"issuancePct":0.11},{"country":"Poland","caCount":2,"issuancePct":0.05},{"country":"Greece","caCount":2,"issuancePct":0.05},{"country":"Germany","caCount":5,"issuancePct":0.01},{"country":"Switzerland","caCount":4,"issuancePct":0.0},{"country":"Sweden","caCount":2,"issuancePct":0.0},{"country":"Spain","caCount":10,"issuancePct":0.0},{"country":"Romania","caCount":1,"issuancePct":0.0},{"country":"Hungary","caCount":2,"issuancePct":0.0},{"country":"France","caCount":2,"issuancePct":0.0},{"country":"Norway","caCount":1,"issuancePct":0.0},{"country":"Finland","caCount":1,"issuancePct":0.0},{"country":"Czechia","caCount":2,"issuancePct":0.0},{"country":"Slovakia","caCount":1,"issuancePct":0.0},{"country":"Croatia","caCount":1,"issuancePct":0.0},{"country":"Austria","caCount":2,"issuancePct":0.0},{"country":"Netherlands","caCount":1,"issuancePct":0.0},{"country":"Portugal","caCount":2,"issuancePct":0.0},{"country":"Slovenia","caCount":2,"issuancePct":0.0},{"country":"Lithuania","caCount":1,"issuancePct":0.0}]},{"region":"Asia-Pacific","caCount":17,"issuancePct":0.05,"certs":626634,"countries":[{"country":"China","caCount":8,"issuancePct":0.04},{"country":"Japan","caCount":4,"issuancePct":0.01},{"country":"India","caCount":2,"issuancePct":0.0},{"country":"Singapore","caCount":1,"issuancePct":0.0},{"country":"Australia","caCount":1,"issuancePct":0.0},{"country":"Thailand","caCount":1,"issuancePct":0.0}]},{"region":"Americas","caCount":3,"issuancePct":0.0,"certs":518,"countries":[{"country":"Brazil","caCount":1,"issuancePct":0.0},{"country":"Canada","caCount":2,"issuancePct":0.0}]},{"region":"Middle East / Africa","caCount":6,"issuancePct":0.0,"certs":226,"countries":[{"country":"Turkey","caCount":1,"issuancePct":0.0},{"country":"Tunisia","caCount":1,"issuancePct":0.0},{"country":"Israel","caCount":1,"issuancePct":0.0},{"country":"South Africa","caCount":2,"issuancePct":0.0},{"country":"Saudi Arabia","caCount":1,"issuancePct":0.0}]}],"governmentRisk":{"total":31,"issuancePct":0.06,"byType":{"governmentOperated":{"count":22,"certs":13652,"pct":0.0},"stateOwnedEnterprise":{"count":9,"certs":695224,"pct":0.05}},"cas":[{"caOwner":"HARICA","crtshUrl":"https://crt.sh/?CAName=HARICA","type":"state_owned_enterprise","country":"Greece","relationship":"Operated by Greek academic/research network, government-funded institution","storeCount":4,"certs":595684},{"caOwner":"Telia Company","crtshUrl":"https://crt.sh/?CAName=Telia%20Company","type":"state_owned_enterprise","country":"Sweden","relationship":"Swedish and Finnish state partial ownership (~37% Swedish state)","storeCount":4,"certs":35392},{"caOwner":"Shanghai Electronic Certification Authority Co., Ltd.","crtshUrl":"https://crt.sh/?CAName=Shanghai%20Electronic%20Certification%20Authority%20Co.%2C%20Ltd.","type":"state_owned_enterprise","country":"China","relationship":"State-affiliated entity, Shanghai municipality","storeCount":3,"certs":31608},{"caOwner":"Deutsche Telekom Security GmbH","crtshUrl":"https://crt.sh/?CAName=Deutsche%20Telekom%20Security%20GmbH","type":"state_owned_enterprise","country":"Germany","relationship":"German federal government holds ~30% of Deutsche Telekom via KfW","storeCount":4,"certs":20806},{"caOwner":"China Financial Certification Authority (CFCA)","crtshUrl":"https://crt.sh/?CAName=China%20Financial%20Certification%20Authority%20%28CFCA%29","type":"state_owned_enterprise","country":"China","relationship":"Established by People's Bank of China","storeCount":4,"certs":5284},{"caOwner":"Chunghwa Telecom","crtshUrl":"https://crt.sh/?CAName=Chunghwa%20Telecom","type":"state_owned_enterprise","country":"Taiwan","relationship":"Majority state-owned telecom (Taiwan Ministry of Transportation)","storeCount":4,"certs":4786},{"caOwner":"Government of Hong Kong (SAR), Hongkong Post, Certizen","crtshUrl":"https://crt.sh/?CAName=Government%20of%20Hong%20Kong%20%28SAR%29%2C%20Hongkong%20Post%2C%20Certizen","type":"government_operated","country":"Hong Kong","relationship":"Hong Kong Post, SAR government agency","storeCount":4,"certs":2851},{"caOwner":"Government of Spain, F\u00e1brica Nacional de Moneda y Timbre (FNMT)","crtshUrl":"https://crt.sh/?CAName=Government%20of%20Spain%2C%20F%C3%A1brica%20Nacional%20de%20Moneda%20y%20Timbre%20%28FNMT%29","type":"government_operated","country":"Spain","relationship":"Spanish Royal Mint, government agency","storeCount":4,"certs":2819},{"caOwner":"Government of Spain, Autoritat de Certificaci\u00f3 de la Comunitat Valenciana (ACCV)","crtshUrl":"https://crt.sh/?CAName=Government%20of%20Spain%2C%20Autoritat%20de%20Certificaci%C3%B3%20de%20la%20Comunitat%20Valenciana%20%28ACCV%29","type":"government_operated","country":"Spain","relationship":"Valencian regional government agency","storeCount":4,"certs":2555},{"caOwner":"Government of Finland, Population Register Centre\u2019s (V\u00e4est\u00f6rekisterikeskus, VRK)","crtshUrl":"https://crt.sh/?CAName=Government%20of%20Finland%2C%20Population%20Register%20Centre%E2%80%99s%20%28V%C3%A4est%C3%B6rekisterikeskus%2C%20VRK%29","type":"government_operated","country":"Finland","relationship":"Finnish population register, government agency","storeCount":1,"certs":2507},{"caOwner":"Autoridad de Certificacion Firmaprofesional","crtshUrl":"https://crt.sh/?CAName=Autoridad%20de%20Certificacion%20Firmaprofesional","type":"government_operated","country":"Spain","relationship":"Spanish notarial professional body, quasi-governmental","storeCount":4,"certs":1839},{"caOwner":"PostSignum","crtshUrl":"https://crt.sh/?CAName=PostSignum","type":"state_owned_enterprise","country":"Czechia","relationship":"Operated by \u010cesk\u00e1 po\u0161ta, s.p. (Czech Post), a state-owned enterprise of the Czech Republic","storeCount":1,"certs":1028},{"caOwner":"Government of Brazil, Instituto Nacional de Tecnologia da Informa\u00e7\u00e3o (ITI)","crtshUrl":"https://crt.sh/?CAName=Government%20of%20Brazil%2C%20Instituto%20Nacional%20de%20Tecnologia%20da%20Informa%C3%A7%C3%A3o%20%28ITI%29","type":"government_operated","country":"Brazil","relationship":"Brazilian federal IT institute, operates ICP-Brasil","storeCount":1,"certs":518},{"caOwner":"Financijska agencija (Fina)","crtshUrl":"https://crt.sh/?CAName=Financijska%20agencija%20%28Fina%29","type":"state_owned_enterprise","country":"Croatia","relationship":"Croatian state-owned financial agency","storeCount":1,"certs":331},{"caOwner":"Krajowa Izba Rozliczeniowa S.A. (KIR)","crtshUrl":"https://crt.sh/?CAName=Krajowa%20Izba%20Rozliczeniowa%20S.A.%20%28KIR%29","type":"state_owned_enterprise","country":"Poland","relationship":"Polish interbank clearing house, established by statute, owned by National Bank of Poland and commercial banks under state mandate","storeCount":3,"certs":305},{"caOwner":"Government of Korea, KLID","crtshUrl":"https://crt.sh/?CAName=Government%20of%20Korea%2C%20KLID","type":"government_operated","country":"South Korea","relationship":"Korean government agency","storeCount":1,"certs":172},{"caOwner":"Government of India, Ministry of Communications & Information Technology, Controller of Certifying Authorities (CCA)","crtshUrl":"https://crt.sh/?CAName=Government%20of%20India%2C%20Ministry%20of%20Communications%20%26%20Information%20Technology%2C%20Controller%20of%20Certifying%20Authorities%20%28CCA%29","type":"government_operated","country":"India","relationship":"Indian federal ministry","storeCount":1,"certs":157},{"caOwner":"Government of Turkey, Kamu Sertifikasyon Merkezi (Kamu SM)","crtshUrl":"https://crt.sh/?CAName=Government%20of%20Turkey%2C%20Kamu%20Sertifikasyon%20Merkezi%20%28Kamu%20SM%29","type":"government_operated","country":"Turkey","relationship":"Turkish government certification center","storeCount":4,"certs":146},{"caOwner":"Agence Nationale de Certification Electronique","crtshUrl":"https://crt.sh/?CAName=Agence%20Nationale%20de%20Certification%20Electronique","type":"government_operated","country":"Tunisia","relationship":"Tunisian national certification agency","storeCount":3,"certs":80},{"caOwner":"Autoridad de Certificaci\u00f3n (ANF AC)","crtshUrl":"https://crt.sh/?CAName=Autoridad%20de%20Certificaci%C3%B3n%20%28ANF%20AC%29","type":"government_operated","country":"Spain","relationship":"Spanish certification authority","storeCount":3,"certs":8},{"caOwner":"Consorci Administraci\u00f3 Oberta de Catalunya (Consorci AOC, CATCert)","crtshUrl":"https://crt.sh/?CAName=Consorci%20Administraci%C3%B3%20Oberta%20de%20Catalunya%20%28Consorci%20AOC%2C%20CATCert%29","type":"government_operated","country":"Spain","relationship":"Public-sector consortium of Catalan regional and local governments, established by act of the Catalan Parliament (Law 29/2010)","storeCount":1,"certs":0},{"caOwner":"Swiss BIT, Swiss Federal Office of Information Technology, Systems and Telecommunication (FOITT)","crtshUrl":"https://crt.sh/?CAName=Swiss%20BIT%2C%20Swiss%20Federal%20Office%20of%20Information%20Technology%2C%20Systems%20and%20Telecommunication%20%28FOITT%29","type":"government_operated","country":"Switzerland","relationship":"Swiss Federal Office of Information Technology, Systems and Telecommunication","storeCount":1,"certs":0},{"caOwner":"Government of The Netherlands, PKIoverheid (Logius)","crtshUrl":"https://crt.sh/?CAName=Government%20of%20The%20Netherlands%2C%20PKIoverheid%20%28Logius%29","type":"government_operated","country":"Netherlands","relationship":"Dutch government PKI operated by Logius","storeCount":2,"certs":0},{"caOwner":"SI-TRUST","crtshUrl":"https://crt.sh/?CAName=SI-TRUST","type":"government_operated","country":"Slovenia","relationship":"Slovenian government trust service provider","storeCount":1,"certs":0},{"caOwner":"Government of Japan, Digital Agency","crtshUrl":"https://crt.sh/?CAName=Government%20of%20Japan%2C%20Digital%20Agency","type":"government_operated","country":"Japan","relationship":"Japanese Digital Agency, cabinet-level","storeCount":1,"certs":0},{"caOwner":"Agencia Notarial de Certificaci\u00f3n (ANCERT)","crtshUrl":"https://crt.sh/?CAName=Agencia%20Notarial%20de%20Certificaci%C3%B3n%20%28ANCERT%29","type":"government_operated","country":"Spain","relationship":"Operated by Consejo General del Notariado (Spanish General Council of Notaries), a statutory professional body created by Spanish law","storeCount":1,"certs":0},{"caOwner":"Consejo General de la Abogac\u00eda Espa\u00f1ola","crtshUrl":"https://crt.sh/?CAName=Consejo%20General%20de%20la%20Abogac%C3%ADa%20Espa%C3%B1ola","type":"government_operated","country":"Spain","relationship":"Spanish General Council of Bar Associations \u2014 statutory professional body established by Spanish law","storeCount":1,"certs":0},{"caOwner":"Government of Sweden (F\u00f6rs\u00e4kringskassan)","crtshUrl":"https://crt.sh/?CAName=Government%20of%20Sweden%20%28F%C3%B6rs%C3%A4kringskassan%29","type":"government_operated","country":"Sweden","relationship":"Swedish Social Insurance Agency","storeCount":1,"certs":0},{"caOwner":"Department of Defence Australia","crtshUrl":"https://crt.sh/?CAName=Department%20of%20Defence%20Australia","type":"government_operated","country":"Australia","relationship":"Australian Department of Defence, federal government","storeCount":1,"certs":0},{"caOwner":"Macao Post and Telecommunications Bureau","crtshUrl":"https://crt.sh/?CAName=Macao%20Post%20and%20Telecommunications%20Bureau","type":"government_operated","country":"Macao","relationship":"Macao SAR government postal and telecom bureau","storeCount":1,"certs":0},{"caOwner":"Thailand National Root Certificate Authority (Electronic Transactions Development Agency)","crtshUrl":"https://crt.sh/?CAName=Thailand%20National%20Root%20Certificate%20Authority%20%28Electronic%20Transactions%20Development%20Agency%29","type":"government_operated","country":"Thailand","relationship":"Thai Electronic Transactions Development Agency","storeCount":1,"certs":0}]},"jurisdictionRisk":[{"country":"China","risk":"high","axes":{"keySeizure":"purpose","compelledIssuance":"purpose","secrecy":"purpose"},"summary":"Mandatory cooperation for all organizations (NIL Art. 7/14); full SCA access to systems and keys in critical information infrastructure (Cryptography Law Art. 31).","laws":[{"name":"National Intelligence Law (2017)","section":"Articles 7, 14","excerpt":"All organizations and citizens shall support, assist, and cooperate with national intelligence efforts in accordance with law."},{"name":"Cryptography Law (2019)","section":"Article 31","excerpt":"SCA and local agencies have complete access to the cryptography system and to the data protected by that system."},{"name":"Cybersecurity Law (2016)","section":"Article 28","excerpt":"Network operators shall provide technical support and assistance to public security organs and national security organs."}],"caCount":8,"exposedCerts":544523},{"country":"Russia","risk":"high","axes":{"keySeizure":"purpose","compelledIssuance":"purpose","secrecy":"purpose"},"summary":"FSB direct access via SORM; Yarovaya Law requires encryption key disclosure without court order.","laws":[{"name":"Yarovaya Law (2016)","section":"Federal Law 374-FZ","excerpt":"Any online service that uses encrypted data is required to permit the FSB to access encrypted communications, including providing any encryption keys."},{"name":"SORM Regulations (1995+)","section":"System for Operative Investigative Activities","excerpt":"FSB has access to electronic messages and the keys to decrypt these without judicial authorization."}],"caCount":0,"exposedCerts":0},{"country":"United Kingdom","risk":"high","axes":{"keySeizure":"purpose","compelledIssuance":"purpose","secrecy":"purpose"},"summary":"RIPA s.49 compels key disclosure with up to 5yr penalty; IPA 2016 Technical Capability Notices; tipping-off ban prevents disclosure to auditors.","laws":[{"name":"RIPA 2000, Part III","section":"Sections 49, 53, 54","excerpt":"A disclosure requirement is necessary if it is necessary (a) in the interests of national security; (b) for preventing or detecting crime; (c) in the interests of the economic well-being of the UK."},{"name":"Investigatory Powers Act 2016","section":"Technical Capability Notices","excerpt":"Government can serve Technical Capability Notices requiring operators to remove electronic protection on communications on an ongoing basis."}],"caCount":1,"exposedCerts":139965246},{"country":"Australia","risk":"high","axes":{"keySeizure":"purpose","compelledIssuance":"purpose","secrecy":"purpose"},"summary":"TOLA Act TANs/TCNs compel decryption assistance from broad DCP class; 5yr gag order penalty; 10yr for warrant non-compliance.","laws":[{"name":"Assistance and Access Act 2018 (TOLA)","section":"TAR / TAN / TCN framework","excerpt":"DCPs include software developers, device manufacturers, and anyone who provides services that facilitate a carriage or electronic service."}],"caCount":1,"exposedCerts":0},{"country":"India","risk":"moderate","axes":{"keySeizure":"purpose","compelledIssuance":"purpose","secrecy":"none"},"summary":"IT Act s.69 executive orders to intermediaries; no judicial oversight; 7yr penalty for noncompliance.","laws":[{"name":"Information Technology Act 2000 (amended 2008)","section":"Section 69(1)(3)(4)","excerpt":"The subscriber or intermediary or any person in-charge of the computer resource shall assist the agency to intercept, monitor, or decrypt the information. Failure: imprisonment up to seven years."}],"caCount":2,"exposedCerts":8620},{"country":"United States","risk":"low","axes":{"keySeizure":"general","compelledIssuance":"none","secrecy":"none"},"summary":"Judicial oversight required; CALEA limits carrier decryption duty; All Writs Act and NSLs (with gag) possible. Lavabit precedent for SSL keys.","laws":[{"name":"CALEA (1994)","section":"Section 103(a)","excerpt":"A carrier shall not be responsible for decrypting any communication encrypted by a subscriber or customer, unless the encryption was provided by the carrier."},{"name":"NSLs / All Writs Act","section":"18 USC \u00a72709; 28 USC \u00a71651","excerpt":"Lavabit shut down rather than surrender its master private keys due to the government wanting to spy on Edward Snowden's emails."}],"caCount":16,"exposedCerts":1127099684},{"country":"France","risk":"low","axes":{"keySeizure":"general","compelledIssuance":"none","secrecy":"none"},"summary":"Judicial orders only; 3yr / \u20ac270K penalty for refusal.","laws":[{"name":"Code of Criminal Procedure","section":"Article 230-1","excerpt":"A judge may designate a technical expert to obtain plaintext from encrypted data seized during an investigation."}],"caCount":2,"exposedCerts":2789},{"country":"New Zealand","risk":"low","axes":{"keySeizure":"general","compelledIssuance":"general","secrecy":"none"},"summary":"TICSA requires interception capability; Search and Surveillance Act s.130 compels key access under warrant.","laws":[{"name":"TICSA (2013)","section":"Interception capability","excerpt":"Network operators must decrypt communications if they have provided the encryption or hold the decryption key."}],"caCount":0,"exposedCerts":0},{"country":"South Africa","risk":"low","axes":{"keySeizure":"general","compelledIssuance":"none","secrecy":"none"},"summary":"RICA s.21 requires provider decryption assistance if key held. Key safeguards struck down by Constitutional Court in 2021; amendments pending.","laws":[{"name":"RICA 2002","section":"Section 21","excerpt":"Encrypted communications must be provided in decrypted form if the provider holds the decryption key."}],"caCount":2,"exposedCerts":0},{"country":"Turkey","risk":"moderate","axes":{"keySeizure":"purpose","compelledIssuance":"none","secrecy":"none"},"summary":"BTK orders for hosting/access providers; electronic communications law requires interception capability.","laws":[{"name":"Law No. 5651 (2007, amended)","section":"BTK authority","excerpt":"Hosting and access providers must comply with government orders including providing access to encrypted data."}],"caCount":1,"exposedCerts":146},{"country":"Cambodia","risk":"low","axes":{"keySeizure":"general","compelledIssuance":"none","secrecy":"none"},"summary":"E-Commerce Law Art. 43 prohibits encrypting evidence; untested but broadly worded.","laws":[{"name":"Law on Electronic Commerce (2019)","section":"Article 43","excerpt":"Prohibits any encryption of evidence in the form of data that could lead to an indictment, or any evidence in an electronic system that relates to an offense."}],"caCount":0,"exposedCerts":0},{"country":"Belgium","risk":"low","axes":{"keySeizure":"general","compelledIssuance":"none","secrecy":"none"},"summary":"Third-party (non-suspect) assistance only; judicial order required. GlobalSign incorporated here.","laws":[{"name":"Code of Criminal Procedure","section":"Article 88quater","excerpt":"A judge may order non-suspect third parties to provide decryption assistance. Suspects protected by self-incrimination principle."}],"caCount":2,"exposedCerts":1553047},{"country":"Finland","risk":"low","axes":{"keySeizure":"general","compelledIssuance":"none","secrecy":"none"},"summary":"System admins compelled; suspects exempt under Coercive Measures Act.","laws":[{"name":"Coercive Measures Act (2011)","section":"Chapter 8","excerpt":"System owners and administrators must surrender necessary passwords. Suspects themselves are exempt."}],"caCount":1,"exposedCerts":2507},{"country":"Germany","risk":"low","axes":{"keySeizure":"none","compelledIssuance":"none","secrecy":"none"},"summary":"Strong nemo tenetur; no compulsion for suspects; regulatory readability obligations only in non-criminal contexts.","laws":[{"name":"Strafprozessordnung (StPO)","section":"Criminal Procedure Code","excerpt":"Suspects cannot be compelled to hand over any kind of cryptographic key due to the nemo tenetur principle."}],"caCount":5,"exposedCerts":91272},{"country":"Canada","risk":"low","axes":{"keySeizure":"none","compelledIssuance":"none","secrecy":"none"},"summary":"Charter s.11(c) protects against compelled self-incrimination. No statutory key-disclosure law. Strongest Five Eyes protections.","laws":[{"name":"Charter of Rights and Freedoms (1982)","section":"Section 11(c)","excerpt":"No legislative power can require individuals to decrypt encrypted communications. The federal government has recognised it has no legislative authority to compel individuals to provide a password."}],"caCount":2,"exposedCerts":0},{"country":"Hong Kong","risk":"high","axes":{"keySeizure":"purpose","compelledIssuance":"general","secrecy":"purpose"},"summary":"NSL Art.43 allows police to search/seize electronic devices and compel assistance without judicial oversight for national security matters; Schedule 6 para 3 imposes statutory non-disclosure obligation on assisting parties. Pre-NSL, ICSO Cap.589 required panel judge authorization; post-2020 NSL creates a parallel track with executive authorization and no independent oversight.","laws":[{"name":"National Security Law (2020)","section":"Article 43; Schedule 6 paragraphs 3, 7","excerpt":""},{"name":"Interception of Communications and Surveillance Ordinance (Cap. 589)","section":"ICSO \u2014 superseded by NSL for national security matters","excerpt":""}],"caCount":0,"exposedCerts":0},{"country":"Netherlands","risk":"low","axes":{"keySeizure":"general","compelledIssuance":"none","secrecy":"none"},"summary":"Art.126m(6) DCCP compels third parties with knowledge of an encryption method to assist decryption when a serious offence is suspected; cannot target the suspect (Art.126m(7)). Judicial oversight via public prosecutor order. No compelled issuance mechanism or statutory gag.","laws":[{"name":"Code of Criminal Procedure (Wetboek van Strafvordering)","section":"Article 126m(6), 126m(7)","excerpt":""}],"caCount":1,"exposedCerts":0},{"country":"Spain","risk":"low","axes":{"keySeizure":"general","compelledIssuance":"none","secrecy":"none"},"summary":"LECrim Art.588ter (Organic Law 13/2015) requires judicial order for interception of telecommunications. LGTel Art.39.11 requires operators to deliver communications free of encryption effects where reversible. Judicial oversight required throughout; no statutory compelled issuance or gag.","laws":[{"name":"Ley de Enjuiciamiento Criminal (LECrim)","section":"Article 588ter a; Article 588 bis a","excerpt":""},{"name":"General Telecommunications Act (LGTel, Law 11/2022)","section":"Article 39.11","excerpt":""}],"caCount":10,"exposedCerts":8666},{"country":"Brazil","risk":"low","axes":{"keySeizure":"general","compelledIssuance":"none","secrecy":"none"},"summary":"Law 9.296/1996 Art.1 requires judicial order for interception; providers must make available technological resources to suspend confidentiality including decryption where provider has capability. Brazilian courts have applied this aggressively \u2014 executives arrested and services suspended to compel compliance (WhatsApp, 2015\u20132016). No compelled issuance statute; no gag provision.","laws":[{"name":"Lei 9.296/1996 (Communications Interception Law)","section":"Article 1","excerpt":""},{"name":"Marco Civil da Internet (Law 12.965/2014)","section":"Article 7(II), Article 10","excerpt":""}],"caCount":1,"exposedCerts":518},{"country":"Greece","risk":"low","axes":{"keySeizure":"general","compelledIssuance":"none","secrecy":"none"},"summary":"Presidential Decree 47 compels service providers to decrypt communications and stored data on competent authority request. Law 2225/1994 as amended governs lawful interception; judicial order required. No purpose-built key seizure statute targeting CA signing keys; no compelled issuance mechanism; no statutory gag.","laws":[{"name":"Presidential Decree 47","section":"Provider decryption obligation","excerpt":""},{"name":"Law 2225/1994 (as amended)","section":"Lawful interception framework","excerpt":""}],"caCount":2,"exposedCerts":595684},{"country":"Switzerland","risk":"low","axes":{"keySeizure":"general","compelledIssuance":"none","secrecy":"none"},"summary":"B\u00dcPF (SR 780.1) Art.22 requires providers to hand over available data under judicial order. No general key-disclosure mandate in current law; proposed V\u00dcPF Art.50a decryption requirement is not yet enacted (consultation closed May 2025, outcome pending). No compelled issuance mechanism; no gag provision.","laws":[{"name":"Federal Act on the Surveillance of Post and Telecommunications (B\u00dcPF, SR 780.1)","section":"Article 22","excerpt":""}],"caCount":4,"exposedCerts":51541}],"incidents":{"total":1466,"caCount":54,"years":[{"year":2014,"count":2},{"year":2015,"count":1},{"year":2016,"count":5},{"year":2017,"count":80},{"year":2018,"count":78},{"year":2019,"count":196},{"year":2020,"count":203},{"year":2021,"count":161},{"year":2022,"count":96},{"year":2023,"count":126},{"year":2024,"count":200},{"year":2025,"count":214},{"year":2026,"count":104}],"perCA":[{"ca":"DigiCert","id":"digicert","count":173,"selfReported":82,"externallyReported":91,"selfReportPct":47,"ppm":0.152,"trusted":true},{"ca":"Sectigo","id":"sectigo","count":110,"selfReported":68,"externallyReported":42,"selfReportPct":62,"ppm":0.086,"trusted":true},{"ca":"IdenTrust Services, LLC","id":"identrust-services-llc","count":75,"selfReported":61,"externallyReported":14,"selfReportPct":81,"ppm":1.909,"trusted":true},{"ca":"SwissSign AG","id":"swisssign-ag","count":65,"selfReported":50,"externallyReported":15,"selfReportPct":77,"ppm":371.805,"trusted":true},{"ca":"GlobalSign nv-sa","id":"globalsign-nv-sa","count":56,"selfReported":34,"externallyReported":22,"selfReportPct":61,"ppm":1.099,"trusted":true},{"ca":"Microsoft Corporation","id":"microsoft-corporation","count":51,"selfReported":25,"externallyReported":26,"selfReportPct":49,"ppm":0.156,"trusted":true},{"ca":"GoDaddy","id":"godaddy","count":47,"selfReported":27,"externallyReported":20,"selfReportPct":57,"ppm":0.108,"trusted":true},{"ca":"Asseco Data Systems S.A.","id":"asseco-data-systems-s-a","count":47,"selfReported":25,"externallyReported":22,"selfReportPct":53,"ppm":7.86,"trusted":true},{"ca":"Government of The Netherlands, PKIoverheid (Logius)","id":"government-of-the-netherlands-pkioverheid-logius","count":45,"selfReported":32,"externallyReported":13,"selfReportPct":71,"ppm":11250000.0,"trusted":true},{"ca":"Internet Security Research Group","id":"internet-security-research-group","count":39,"selfReported":19,"externallyReported":20,"selfReportPct":49,"ppm":0.004,"trusted":true},{"ca":"Netlock","id":"netlock","count":39,"selfReported":24,"externallyReported":15,"selfReportPct":62,"ppm":1942.715,"trusted":true},{"ca":"Google Trust Services LLC","id":"google-trust-services-llc","count":39,"selfReported":8,"externallyReported":31,"selfReportPct":21,"ppm":0.021,"trusted":true},{"ca":"Autoridad de Certificacion Firmaprofesional","id":"autoridad-de-certificacion-firmaprofesional","count":37,"selfReported":24,"externallyReported":13,"selfReportPct":65,"ppm":3515.105,"trusted":true},{"ca":"Telia Company","id":"telia-company","count":37,"selfReported":25,"externallyReported":12,"selfReportPct":68,"ppm":269.379,"trusted":true},{"ca":"SECOM Trust Systems CO., LTD.","id":"secom-trust-systems-co-ltd","count":36,"selfReported":19,"externallyReported":17,"selfReportPct":53,"ppm":73.668,"trusted":true},{"ca":"D-TRUST","id":"d-trust","count":32,"selfReported":22,"externallyReported":10,"selfReportPct":69,"ppm":209.368,"trusted":true},{"ca":"China Financial Certification Authority (CFCA)","id":"china-financial-certification-authority-cfca","count":31,"selfReported":15,"externallyReported":16,"selfReportPct":48,"ppm":1151.346,"trusted":true},{"ca":"SSL.com","id":"ssl-com","count":31,"selfReported":17,"externallyReported":14,"selfReportPct":55,"ppm":0.325,"trusted":true},{"ca":"Deutsche Telekom Security GmbH","id":"deutsche-telekom-security-gmbh","count":29,"selfReported":14,"externallyReported":15,"selfReportPct":48,"ppm":239.862,"trusted":true},{"ca":"Chunghwa Telecom","id":"chunghwa-telecom","count":28,"selfReported":20,"externallyReported":8,"selfReportPct":71,"ppm":671.286,"trusted":true},{"ca":"Certigna","id":"certigna","count":27,"selfReported":12,"externallyReported":15,"selfReportPct":44,"ppm":349.696,"trusted":true},{"ca":"Shanghai Electronic Certification Authority Co., Ltd.","id":"shanghai-electronic-certification-authority-co-ltd","count":27,"selfReported":19,"externallyReported":8,"selfReportPct":70,"ppm":418.177,"trusted":true},{"ca":"Izenpe S.A.","id":"izenpe-s-a","count":23,"selfReported":13,"externallyReported":10,"selfReportPct":57,"ppm":3037.908,"trusted":true},{"ca":"Actalis","id":"actalis","count":23,"selfReported":14,"externallyReported":9,"selfReportPct":61,"ppm":3.491,"trusted":true},{"ca":"certSIGN","id":"certsign","count":21,"selfReported":16,"externallyReported":5,"selfReportPct":76,"ppm":1126.67,"trusted":true},{"ca":"Viking Cloud, Inc.","id":"viking-cloud-inc","count":20,"selfReported":8,"externallyReported":12,"selfReportPct":40,"ppm":null,"trusted":false},{"ca":"Krajowa Izba Rozliczeniowa S.A. (KIR)","id":"krajowa-izba-rozliczeniowa-s-a-kir","count":19,"selfReported":0,"externallyReported":19,"selfReportPct":0,"ppm":6659.657,"trusted":true},{"ca":"eMudhra Technologies Limited","id":"emudhra-technologies-limited","count":19,"selfReported":15,"externallyReported":4,"selfReportPct":79,"ppm":588.345,"trusted":true},{"ca":"Microsec Ltd.","id":"microsec-ltd","count":17,"selfReported":11,"externallyReported":6,"selfReportPct":65,"ppm":1534.989,"trusted":true},{"ca":"Government of Spain, F\u00e1brica Nacional de Moneda y Timbre (FNMT)","id":"government-of-spain-f-brica-nacional-de-moneda-y-timbre-fnmt","count":17,"selfReported":13,"externallyReported":4,"selfReportPct":76,"ppm":1052.762,"trusted":true},{"ca":"HARICA","id":"harica","count":17,"selfReported":10,"externallyReported":7,"selfReportPct":59,"ppm":25.961,"trusted":true},{"ca":"WISeKey","id":"wisekey","count":16,"selfReported":11,"externallyReported":5,"selfReportPct":69,"ppm":1037.008,"trusted":true},{"ca":"Amazon Trust Services","id":"amazon-trust-services","count":16,"selfReported":8,"externallyReported":8,"selfReportPct":50,"ppm":17.297,"trusted":true},{"ca":"Buypass","id":"buypass","count":16,"selfReported":14,"externallyReported":2,"selfReportPct":88,"ppm":12.365,"trusted":true},{"ca":"Taiwan-CA Inc. (TWCA)","id":"taiwan-ca-inc-twca","count":15,"selfReported":9,"externallyReported":6,"selfReportPct":60,"ppm":42.432,"trusted":true},{"ca":"Apple Inc.","id":"apple-inc","count":14,"selfReported":14,"externallyReported":0,"selfReportPct":100,"ppm":null,"trusted":false},{"ca":"Disig, a.s.","id":"disig-a-s","count":11,"selfReported":6,"externallyReported":5,"selfReportPct":55,"ppm":6953.224,"trusted":true},{"ca":"NAVER Cloud Trust Services","id":"naver-cloud-trust-services","count":10,"selfReported":7,"externallyReported":3,"selfReportPct":70,"ppm":449.499,"trusted":true},{"ca":"Global Digital Cybersecurity Authority Co., Ltd. (Formerly Guang Dong Certificate Authority (GDCA))","id":"global-digital-cybersecurity-authority-co-ltd-formerly-guang-dong-certificate-authority-gdca","count":9,"selfReported":7,"externallyReported":2,"selfReportPct":78,"ppm":1557.632,"trusted":true},{"ca":"iTrusChina","id":"itruschina","count":9,"selfReported":7,"externallyReported":2,"selfReportPct":78,"ppm":null,"trusted":false},{"ca":"Certainly LLC","id":"certainly-llc","count":9,"selfReported":2,"externallyReported":7,"selfReportPct":22,"ppm":0.672,"trusted":true},{"ca":"Consorci AOC","id":"consorci-aoc","count":8,"selfReported":2,"externallyReported":6,"selfReportPct":25,"ppm":null,"trusted":false},{"ca":"Government of Hong Kong (SAR), Hongkong Post, Certizen","id":"government-of-hong-kong-sar-hongkong-post-certizen","count":8,"selfReported":7,"externallyReported":1,"selfReportPct":88,"ppm":494.835,"trusted":true},{"ca":"Autoridad de Certificaci\u00f3n (ANF AC)","id":"autoridad-de-certificaci-n-anf-ac","count":8,"selfReported":7,"externallyReported":1,"selfReportPct":88,"ppm":210526.316,"trusted":true},{"ca":"CommScope","id":"commscope","count":8,"selfReported":5,"externallyReported":3,"selfReportPct":62,"ppm":null,"trusted":false},{"ca":"Government of Spain, Autoritat de Certificaci\u00f3 de la Comunitat Valenciana (ACCV)","id":"government-of-spain-autoritat-de-certificaci-de-la-comunitat-valenciana-accv","count":7,"selfReported":5,"externallyReported":2,"selfReportPct":71,"ppm":411.45,"trusted":true},{"ca":"Eviden","id":"eviden","count":5,"selfReported":2,"externallyReported":3,"selfReportPct":40,"ppm":284.787,"trusted":true},{"ca":"Agence Nationale de Certification Electronique","id":"agence-nationale-de-certification-electronique","count":4,"selfReported":3,"externallyReported":1,"selfReportPct":75,"ppm":4901.961,"trusted":true},{"ca":"Government of Turkey, Kamu Sertifikasyon Merkezi (Kamu SM)","id":"government-of-turkey-kamu-sertifikasyon-merkezi-kamu-sm","count":3,"selfReported":0,"externallyReported":3,"selfReportPct":0,"ppm":3232.759,"trusted":true},{"ca":"Visa","id":"visa","count":3,"selfReported":0,"externallyReported":3,"selfReportPct":0,"ppm":7915.567,"trusted":true},{"ca":"Cybertrust Japan Co., Ltd.","id":"cybertrust-japan-co-ltd","count":3,"selfReported":1,"externallyReported":2,"selfReportPct":33,"ppm":14.625,"trusted":true},{"ca":"TrustAsia Technologies, Inc.","id":"trustasia-technologies-inc","count":3,"selfReported":3,"externallyReported":0,"selfReportPct":100,"ppm":4.42,"trusted":true},{"ca":"SK ID Solutions AS","id":"sk-id-solutions-as","count":2,"selfReported":0,"externallyReported":2,"selfReportPct":0,"ppm":null,"trusted":false},{"ca":"PostSignum","id":"postsignum","count":2,"selfReported":2,"externallyReported":0,"selfReportPct":100,"ppm":367.309,"trusted":true}],"classification":{"misissuance":583,"revocation":310,"governance":451,"validation":122},"yearsByClass":[{"year":2014,"misissuance":2,"revocation":0,"governance":0,"validation":0},{"year":2015,"misissuance":1,"revocation":0,"governance":0,"validation":0},{"year":2016,"misissuance":3,"revocation":0,"governance":0,"validation":2},{"year":2017,"misissuance":45,"revocation":14,"governance":9,"validation":12},{"year":2018,"misissuance":40,"revocation":5,"governance":26,"validation":7},{"year":2019,"misissuance":111,"revocation":29,"governance":47,"validation":9},{"year":2020,"misissuance":82,"revocation":62,"governance":47,"validation":12},{"year":2021,"misissuance":73,"revocation":33,"governance":37,"validation":18},{"year":2022,"misissuance":35,"revocation":36,"governance":15,"validation":10},{"year":2023,"misissuance":48,"revocation":38,"governance":27,"validation":13},{"year":2024,"misissuance":76,"revocation":48,"governance":56,"validation":20},{"year":2025,"misissuance":42,"revocation":32,"governance":129,"validation":11},{"year":2026,"misissuance":25,"revocation":13,"governance":58,"validation":8}],"fingerprints":[{"ca":"DigiCert","misissuance":83,"revocation":32,"governance":40,"validation":18},{"ca":"Sectigo","misissuance":46,"revocation":18,"governance":23,"validation":23},{"ca":"IdenTrust Services, LLC","misissuance":29,"revocation":24,"governance":20,"validation":2},{"ca":"SwissSign AG","misissuance":31,"revocation":9,"governance":24,"validation":1},{"ca":"GlobalSign nv-sa","misissuance":33,"revocation":14,"governance":4,"validation":5},{"ca":"Microsoft Corporation","misissuance":13,"revocation":9,"governance":29,"validation":0},{"ca":"GoDaddy","misissuance":13,"revocation":16,"governance":10,"validation":8},{"ca":"Asseco Data Systems S.A.","misissuance":22,"revocation":9,"governance":12,"validation":4},{"ca":"Government of The Netherlands, PKIoverheid (Logius)","misissuance":7,"revocation":3,"governance":35,"validation":0},{"ca":"Internet Security Research Group","misissuance":10,"revocation":17,"governance":4,"validation":8},{"ca":"Netlock","misissuance":10,"revocation":10,"governance":18,"validation":1},{"ca":"Google Trust Services LLC","misissuance":6,"revocation":14,"governance":13,"validation":6},{"ca":"Autoridad de Certificacion Firmaprofesional","misissuance":8,"revocation":3,"governance":26,"validation":0},{"ca":"Telia Company","misissuance":20,"revocation":3,"governance":12,"validation":2},{"ca":"SECOM Trust Systems CO., LTD.","misissuance":19,"revocation":7,"governance":10,"validation":0},{"ca":"D-TRUST","misissuance":18,"revocation":8,"governance":6,"validation":0},{"ca":"China Financial Certification Authority (CFCA)","misissuance":16,"revocation":5,"governance":10,"validation":0},{"ca":"SSL.com","misissuance":7,"revocation":9,"governance":3,"validation":12},{"ca":"Deutsche Telekom Security GmbH","misissuance":19,"revocation":5,"governance":4,"validation":1},{"ca":"Chunghwa Telecom","misissuance":4,"revocation":4,"governance":16,"validation":4},{"ca":"Certigna","misissuance":11,"revocation":3,"governance":12,"validation":1},{"ca":"Shanghai Electronic Certification Authority Co., Ltd.","misissuance":10,"revocation":7,"governance":10,"validation":0},{"ca":"Izenpe S.A.","misissuance":12,"revocation":4,"governance":6,"validation":1},{"ca":"Actalis","misissuance":9,"revocation":10,"governance":4,"validation":0},{"ca":"certSIGN","misissuance":8,"revocation":2,"governance":11,"validation":0},{"ca":"Viking Cloud, Inc.","misissuance":7,"revocation":4,"governance":8,"validation":1},{"ca":"Krajowa Izba Rozliczeniowa S.A. (KIR)","misissuance":10,"revocation":4,"governance":5,"validation":0},{"ca":"eMudhra Technologies Limited","misissuance":3,"revocation":7,"governance":8,"validation":1},{"ca":"Microsec Ltd.","misissuance":10,"revocation":2,"governance":5,"validation":0},{"ca":"Government of Spain, F\u00e1brica Nacional de Moneda y Timbre (FNMT)","misissuance":7,"revocation":1,"governance":8,"validation":1},{"ca":"HARICA","misissuance":8,"revocation":4,"governance":1,"validation":4},{"ca":"WISeKey","misissuance":9,"revocation":5,"governance":1,"validation":1},{"ca":"Amazon Trust Services","misissuance":5,"revocation":2,"governance":4,"validation":5},{"ca":"Buypass","misissuance":5,"revocation":4,"governance":4,"validation":3},{"ca":"Taiwan-CA Inc. (TWCA)","misissuance":8,"revocation":3,"governance":4,"validation":0},{"ca":"Apple Inc.","misissuance":2,"revocation":7,"governance":4,"validation":1},{"ca":"Disig, a.s.","misissuance":5,"revocation":1,"governance":5,"validation":0},{"ca":"NAVER Cloud Trust Services","misissuance":6,"revocation":0,"governance":3,"validation":1},{"ca":"Global Digital Cybersecurity Authority Co., Ltd. (Formerly Guang Dong Certificate Authority (GDCA))","misissuance":5,"revocation":3,"governance":0,"validation":1},{"ca":"iTrusChina","misissuance":1,"revocation":2,"governance":5,"validation":1},{"ca":"Certainly LLC","misissuance":1,"revocation":5,"governance":1,"validation":2},{"ca":"Consorci AOC","misissuance":3,"revocation":2,"governance":3,"validation":0},{"ca":"Government of Hong Kong (SAR), Hongkong Post, Certizen","misissuance":5,"revocation":2,"governance":1,"validation":0},{"ca":"Autoridad de Certificaci\u00f3n (ANF AC)","misissuance":1,"revocation":0,"governance":7,"validation":0},{"ca":"CommScope","misissuance":2,"revocation":1,"governance":3,"validation":2},{"ca":"Government of Spain, Autoritat de Certificaci\u00f3 de la Comunitat Valenciana (ACCV)","misissuance":3,"revocation":1,"governance":3,"validation":0},{"ca":"Eviden","misissuance":3,"revocation":0,"governance":2,"validation":0},{"ca":"Agence Nationale de Certification Electronique","misissuance":2,"revocation":2,"governance":0,"validation":0},{"ca":"Government of Turkey, Kamu Sertifikasyon Merkezi (Kamu SM)","misissuance":3,"revocation":0,"governance":0,"validation":0},{"ca":"Visa","misissuance":1,"revocation":1,"governance":1,"validation":0},{"ca":"Cybertrust Japan Co., Ltd.","misissuance":0,"revocation":2,"governance":1,"validation":0},{"ca":"TrustAsia Technologies, Inc.","misissuance":1,"revocation":0,"governance":1,"validation":1},{"ca":"SK ID Solutions AS","misissuance":1,"revocation":0,"governance":1,"validation":0},{"ca":"PostSignum","misissuance":2,"revocation":0,"governance":0,"validation":0}],"categories":[{"category":"Misissuance","count":583},{"category":"Governance","count":451},{"category":"Revocation","count":310},{"category":"Validation","count":122}],"whiteboardTags":{"ca-compliance":1435,"ov-misissuance":318,"ev-misissuance":175,"policy-failure":168,"ocsp-failure":121,"dv-misissuance":118,"disclosure-failure":118,"audit-finding":103,"leaf-revocation-delay":100,"crl-failure":86,"ca-misissuance":56,"audit-failure":48,"uncategorized":44,"smime-misissuance":41,"ca-revocation-delay":31,"external":30,"audit-delay":17,"covid-19":7,"disclosure failure":7,"ca-onecrl":4,"ca-investigation":3,"remediation-accepted":3,"ca compliance":2,"close on 2026-05-11":2,"__-misissuance":2,"iv-misissuance":1,"ca-infosharing":1,"ca-informational":1,"close on 2025-06-03":1,"close on 2025-12-10":1,"close on 2025-12-11":1,"close on 2025-12-08":1,"close on 2026-05-15":1,"code-signing-misissuance":1,"close on 2026-05-12":1}},"brThresholds":[{"from":"2020-09-01","days":398,"label":"398 days"},{"from":"2026-03-15","days":200,"label":"200 days"},{"from":"2027-03-15","days":100,"label":"100 days"},{"from":"2029-03-15","days":47,"label":"47 days"}],"brReadiness":{"cas":[{"ca":"OISTE","useDays":362,"status":"subscriber_risk","share":0.0003,"unexpiredCerts":3741},{"ca":"HARICA","useDays":332,"status":"subscriber_risk","share":0.0468,"unexpiredCerts":595684},{"ca":"TrustAsia Technologies, Inc.","useDays":271,"status":"subscriber_risk","share":0.0396,"unexpiredCerts":504231},{"ca":"NAVER Cloud Trust Services","useDays":248,"status":"subscriber_risk","share":0.0012,"unexpiredCerts":15146},{"ca":"Shanghai Electronic Certification Authority Co., Ltd.","useDays":179,"status":"risk_2027","share":0.0025,"unexpiredCerts":31608},{"ca":"D-Trust","useDays":165,"status":"risk_2027","share":0.0054,"unexpiredCerts":69104},{"ca":"GoDaddy","useDays":134,"status":"risk_2027","share":12.4917,"unexpiredCerts":158950364},{"ca":"IdenTrust Services, LLC","useDays":131,"status":"risk_2027","share":1.105,"unexpiredCerts":14060712},{"ca":"Amazon Trust Services","useDays":119,"status":"risk_2027","share":0.0237,"unexpiredCerts":301240},{"ca":"eMudhra Technologies Limited","useDays":96,"status":"risk_2029","share":0.0007,"unexpiredCerts":8463},{"ca":"SwissSign AG","useDays":95,"status":"risk_2029","share":0.0036,"unexpiredCerts":45325},{"ca":"Telia Company","useDays":94,"status":"risk_2029","share":0.0028,"unexpiredCerts":35392},{"ca":"Microsec Ltd.","useDays":90,"status":"risk_2029","share":0.0002,"unexpiredCerts":2716},{"ca":"certSIGN","useDays":83,"status":"risk_2029","share":0.0003,"unexpiredCerts":4232},{"ca":"Actalis","useDays":79,"status":"risk_2029","share":0.1115,"unexpiredCerts":1418856},{"ca":"China Financial Certification Authority (CFCA)","useDays":72,"status":"risk_2029","share":0.0004,"unexpiredCerts":5284},{"ca":"Open Access Technology International, Inc. (OATI)","useDays":71,"status":"risk_2029","share":0.0002,"unexpiredCerts":2237},{"ca":"PostSignum","useDays":69,"status":"risk_2029","share":0.0001,"unexpiredCerts":1028},{"ca":"Government of Finland, Population Register Centre\u2019s (V\u00e4est\u00f6rekisterikeskus, VRK)","useDays":68,"status":"risk_2029","share":0.0002,"unexpiredCerts":2507},{"ca":"Izenpe S.A.","useDays":67,"status":"risk_2029","share":0.0001,"unexpiredCerts":1398},{"ca":"Microsoft Corporation","useDays":65,"status":"risk_2029","share":4.562,"unexpiredCerts":58049379},{"ca":"Government of Hong Kong (SAR), Hongkong Post, Certizen","useDays":64,"status":"risk_2029","share":0.0002,"unexpiredCerts":2851},{"ca":"Government of Spain, F\u00e1brica Nacional de Moneda y Timbre (FNMT)","useDays":64,"status":"risk_2029","share":0.0002,"unexpiredCerts":2819},{"ca":"Autoridad de Certificacion Firmaprofesional","useDays":64,"status":"risk_2029","share":0.0001,"unexpiredCerts":1839},{"ca":"Deutsche Telekom Security GmbH","useDays":63,"status":"risk_2029","share":0.0016,"unexpiredCerts":20806},{"ca":"Taiwan-CA Inc. (TWCA)","useDays":62,"status":"risk_2029","share":0.0047,"unexpiredCerts":59857},{"ca":"Cybertrust Japan Co., Ltd.","useDays":59,"status":"risk_2029","share":0.0026,"unexpiredCerts":33396},{"ca":"WISeKey","useDays":59,"status":"risk_2029","share":0.0002,"unexpiredCerts":2475},{"ca":"DigiCert","useDays":55,"status":"risk_2029","share":13.5641,"unexpiredCerts":172596251},{"ca":"Government of Spain, Autoritat de Certificaci\u00f3 de la Comunitat Valenciana (ACCV)","useDays":55,"status":"risk_2029","share":0.0002,"unexpiredCerts":2555},{"ca":"Chunghwa Telecom","useDays":42,"status":"compliant","share":0.0004,"unexpiredCerts":4786},{"ca":"Asseco Data Systems S.A.","useDays":41,"status":"compliant","share":0.0527,"unexpiredCerts":670655},{"ca":"Google Trust Services LLC","useDays":40,"status":"compliant","share":15.7648,"unexpiredCerts":200599699},{"ca":"Sectigo","useDays":40,"status":"compliant","share":10.9997,"unexpiredCerts":139965246},{"ca":"SECOM Trust Systems CO., LTD.","useDays":30,"status":"compliant","share":0.0032,"unexpiredCerts":40095},{"ca":"Eviden","useDays":28,"status":"compliant","share":0.0001,"unexpiredCerts":1362},{"ca":"Internet Security Research Group","useDays":21,"status":"compliant","share":40.7986,"unexpiredCerts":519141654},{"ca":"Certainly LLC","useDays":14,"status":"compliant","share":0.0392,"unexpiredCerts":498632},{"ca":"Certigna","useDays":13,"status":"compliant","share":0.0002,"unexpiredCerts":2789},{"ca":"SSL.com","useDays":11,"status":"compliant","share":0.2279,"unexpiredCerts":2899455},{"ca":"GlobalSign nv-sa","useDays":11,"status":"compliant","share":0.1221,"unexpiredCerts":1553047},{"ca":"Buypass","useDays":1,"status":"compliant","share":0.0002,"unexpiredCerts":2531}],"totalActiveTls":42,"subscriberRisk200d":4,"subscriberRisk100d":5,"ready47d":12,"medianUseDays":65},"cryptoSummary":{"totalRoots":311,"caCount":95,"keyFamilies":{"RSA":228,"ECC":83},"keySizes":{"RSA-4096":170,"P-384":76,"RSA-2048":55,"P-256":5,"RSA-3072":2,"P-521":2,"RSA-1024":1},"sigHashes":{"SHA-384":131,"SHA-256":118,"SHA-1":43,"SHA-512":19}},"rootAlgorithms":{"totalRoots":311,"byKeyFamily":{"RSA":228,"ECC":83},"byKeyBits":{"4096":170,"384":76,"2048":55,"256":5,"3072":2,"521":2,"1024":1},"bySigHash":{"SHA-384":131,"SHA-256":118,"SHA-1":43,"SHA-512":19},"tlsCapable":194,"evCapable":108,"sha1Roots":43,"perCA":[{"rsa":30,"ecc":13,"roots":43,"crtshUrl":"https://crt.sh/?CAName=DigiCert"},{"rsa":18,"ecc":8,"roots":26,"crtshUrl":"https://crt.sh/?CAName=Sectigo"},{"rsa":10,"ecc":8,"roots":18,"crtshUrl":"https://crt.sh/?CAName=SSL.com"},{"rsa":9,"ecc":6,"roots":15,"crtshUrl":"https://crt.sh/?CAName=GlobalSign%20nv-sa"},{"rsa":4,"ecc":6,"roots":10,"crtshUrl":"https://crt.sh/?CAName=Google%20Trust%20Services%20LLC"},{"rsa":6,"ecc":4,"roots":10,"crtshUrl":"https://crt.sh/?CAName=Telia%20Company"},{"rsa":4,"ecc":4,"roots":8,"crtshUrl":"https://crt.sh/?CAName=HARICA"},{"rsa":6,"ecc":2,"roots":8,"crtshUrl":"https://crt.sh/?CAName=SECOM%20Trust%20Systems%20CO.%2C%20LTD."},{"rsa":4,"ecc":3,"roots":7,"crtshUrl":"https://crt.sh/?CAName=OISTE"},{"rsa":5,"ecc":1,"roots":6,"crtshUrl":"https://crt.sh/?CAName=Cybertrust%20Japan%20/%20JCSI"},{"rsa":4,"ecc":2,"roots":6,"crtshUrl":"https://crt.sh/?CAName=Deutsche%20Telekom%20Security%20GmbH"},{"rsa":4,"ecc":2,"roots":6,"crtshUrl":"https://crt.sh/?CAName=eMudhra%20Technologies%20Limited"},{"rsa":3,"ecc":3,"roots":6,"crtshUrl":"https://crt.sh/?CAName=TrustAsia%20Technologies%2C%20Inc."},{"rsa":3,"ecc":2,"roots":5,"crtshUrl":"https://crt.sh/?CAName=Amazon%20Trust%20Services"},{"rsa":4,"ecc":1,"roots":5,"crtshUrl":"https://crt.sh/?CAName=Asseco%20Data%20Systems%20S.A."},{"rsa":3,"ecc":2,"roots":5,"crtshUrl":"https://crt.sh/?CAName=Eviden"},{"rsa":3,"ecc":2,"roots":5,"crtshUrl":"https://crt.sh/?CAName=Prvn%C3%AD%20certifika%C4%8Dn%C3%AD%20autorita%2C%20a.s."},{"rsa":4,"ecc":0,"roots":4,"crtshUrl":"https://crt.sh/?CAName=AC%20Camerfirma%2C%20S.A."},{"rsa":4,"ecc":0,"roots":4,"crtshUrl":"https://crt.sh/?CAName=Chunghwa%20Telecom"},{"rsa":4,"ecc":0,"roots":4,"crtshUrl":"https://crt.sh/?CAName=GoDaddy"},{"rsa":2,"ecc":2,"roots":4,"crtshUrl":"https://crt.sh/?CAName=Government%20of%20Spain%2C%20F%C3%A1brica%20Nacional%20de%20Moneda%20y%20Timbre%20%28FNMT%29"},{"rsa":4,"ecc":0,"roots":4,"crtshUrl":"https://crt.sh/?CAName=SwissSign%20AG"},{"rsa":4,"ecc":0,"roots":4,"crtshUrl":"https://crt.sh/?CAName=Taiwan-CA%20Inc.%20%28TWCA%29"},{"rsa":3,"ecc":0,"roots":3,"crtshUrl":"https://crt.sh/?CAName=Buypass"},{"rsa":3,"ecc":0,"roots":3,"crtshUrl":"https://crt.sh/?CAName=e-commerce%20monitoring%20GmbH"},{"rsa":2,"ecc":1,"roots":3,"crtshUrl":"https://crt.sh/?CAName=Government%20of%20Finland%2C%20Population%20Register%20Centre%E2%80%99s%20%28V%C3%A4est%C3%B6rekisterikeskus%2C%20VRK%29"},{"rsa":1,"ecc":2,"roots":3,"crtshUrl":"https://crt.sh/?CAName=Microsec%20Ltd."},{"rsa":2,"ecc":1,"roots":3,"crtshUrl":"https://crt.sh/?CAName=Microsoft%20Corporation"},{"rsa":2,"ecc":1,"roots":3,"crtshUrl":"https://crt.sh/?CAName=NAVER%20Cloud%20Trust%20Services"},{"rsa":2,"ecc":1,"roots":3,"crtshUrl":"https://crt.sh/?CAName=Visa"},{"rsa":2,"ecc":0,"roots":2,"crtshUrl":"https://crt.sh/?CAName=A-Trust"},{"rsa":2,"ecc":0,"roots":2,"crtshUrl":"https://crt.sh/?CAName=Agencia%20Notarial%20de%20Certificaci%C3%B3n%20%28ANCERT%29"},{"rsa":2,"ecc":0,"roots":2,"crtshUrl":"https://crt.sh/?CAName=Autoridad%20de%20Certificacion%20Firmaprofesional"},{"rsa":2,"ecc":0,"roots":2,"crtshUrl":"https://crt.sh/?CAName=Autoridad%20de%20Certificaci%C3%B3n%20%28ANF%20AC%29"},{"rsa":1,"ecc":1,"roots":2,"crtshUrl":"https://crt.sh/?CAName=BEIJING%20CERTIFICATE%20AUTHORITY%20Co.%2C%20Ltd."},{"rsa":1,"ecc":1,"roots":2,"crtshUrl":"https://crt.sh/?CAName=Certainly%20LLC"},{"rsa":2,"ecc":0,"roots":2,"crtshUrl":"https://crt.sh/?CAName=Certigna"},{"rsa":2,"ecc":0,"roots":2,"crtshUrl":"https://crt.sh/?CAName=certSIGN"},{"rsa":2,"ecc":0,"roots":2,"crtshUrl":"https://crt.sh/?CAName=China%20Financial%20Certification%20Authority%20%28CFCA%29"},{"rsa":1,"ecc":1,"roots":2,"crtshUrl":"https://crt.sh/?CAName=DigitalSign%20-%20Certificadora%20Digital%2C%20S.A."},{"rsa":2,"ecc":0,"roots":2,"crtshUrl":"https://crt.sh/?CAName=Government%20of%20Brazil%2C%20Instituto%20Nacional%20de%20Tecnologia%20da%20Informa%C3%A7%C3%A3o%20%28ITI%29"},{"rsa":2,"ecc":0,"roots":2,"crtshUrl":"https://crt.sh/?CAName=Government%20of%20Hong%20Kong%20%28SAR%29%2C%20Hongkong%20Post%2C%20Certizen"},{"rsa":2,"ecc":0,"roots":2,"crtshUrl":"https://crt.sh/?CAName=Government%20of%20India%2C%20Ministry%20of%20Communications%20%26%20Information%20Technology%2C%20Controller%20of%20Certifying%20Authorities%20%28CCA%29"},{"rsa":2,"ecc":0,"roots":2,"crtshUrl":"https://crt.sh/?CAName=Government%20of%20The%20Netherlands%2C%20PKIoverheid%20%28Logius%29"},{"rsa":2,"ecc":0,"roots":2,"crtshUrl":"https://crt.sh/?CAName=IdenTrust%20Services%2C%20LLC"},{"rsa":1,"ecc":1,"roots":2,"crtshUrl":"https://crt.sh/?CAName=Internet%20Security%20Research%20Group"},{"rsa":1,"ecc":1,"roots":2,"crtshUrl":"https://crt.sh/?CAName=iTrusChina%20Co.%2C%20Ltd."},{"rsa":2,"ecc":0,"roots":2,"crtshUrl":"https://crt.sh/?CAName=LAWtrust"},{"rsa":2,"ecc":0,"roots":2,"crtshUrl":"https://crt.sh/?CAName=Netlock"},{"rsa":2,"ecc":0,"roots":2,"crtshUrl":"https://crt.sh/?CAName=Notarius"},{"rsa":2,"ecc":0,"roots":2,"crtshUrl":"https://crt.sh/?CAName=Shanghai%20Electronic%20Certification%20Authority%20Co.%2C%20Ltd."},{"rsa":1,"ecc":0,"roots":1,"crtshUrl":"https://crt.sh/?CAName=Actalis"},{"rsa":1,"ecc":0,"roots":1,"crtshUrl":"https://crt.sh/?CAName=Agence%20Nationale%20de%20Certification%20Electronique"},{"rsa":1,"ecc":0,"roots":1,"crtshUrl":"https://crt.sh/?CAName=Byte%20Computer%20S.A."},{"rsa":1,"ecc":0,"roots":1,"crtshUrl":"https://crt.sh/?CAName=Carillon%20Information%20Security%20Inc."},{"rsa":1,"ecc":0,"roots":1,"crtshUrl":"https://crt.sh/?CAName=ComSign"},{"rsa":1,"ecc":0,"roots":1,"crtshUrl":"https://crt.sh/?CAName=Consejo%20General%20de%20la%20Abogac%C3%ADa%20Espa%C3%B1ola"},{"rsa":1,"ecc":0,"roots":1,"crtshUrl":"https://crt.sh/?CAName=Consorci%20Administraci%C3%B3%20Oberta%20de%20Catalunya%20%28Consorci%20AOC%2C%20CATCert%29"},{"rsa":1,"ecc":0,"roots":1,"crtshUrl":"https://crt.sh/?CAName=Department%20of%20Defence%20Australia"},{"rsa":1,"ecc":0,"roots":1,"crtshUrl":"https://crt.sh/?CAName=Disig%2C%20a.s."},{"rsa":1,"ecc":0,"roots":1,"crtshUrl":"https://crt.sh/?CAName=Docaposte%20Certinomis%20SAS"},{"rsa":1,"ecc":0,"roots":1,"crtshUrl":"https://crt.sh/?CAName=EDICOM"},{"rsa":1,"ecc":0,"roots":1,"crtshUrl":"https://crt.sh/?CAName=Financijska%20agencija%20%28Fina%29"},{"rsa":1,"ecc":0,"roots":1,"crtshUrl":"https://crt.sh/?CAName=Global%20Digital%20Cybersecurity%20Authority%20Co.%2C%20Ltd.%20%28Formerly%20Guang%20Dong%20Certificate%20Authority%20%28GDCA%29%29"},{"rsa":0,"ecc":1,"roots":1,"crtshUrl":"https://crt.sh/?CAName=Government%20of%20Japan%2C%20Digital%20Agency"},{"rsa":1,"ecc":0,"roots":1,"crtshUrl":"https://crt.sh/?CAName=Government%20of%20Korea%2C%20KLID"},{"rsa":1,"ecc":0,"roots":1,"crtshUrl":"https://crt.sh/?CAName=Government%20of%20Spain%2C%20Autoritat%20de%20Certificaci%C3%B3%20de%20la%20Comunitat%20Valenciana%20%28ACCV%29"},{"rsa":1,"ecc":0,"roots":1,"crtshUrl":"https://crt.sh/?CAName=Government%20of%20Sweden%20%28F%C3%B6rs%C3%A4kringskassan%29"},{"rsa":1,"ecc":0,"roots":1,"crtshUrl":"https://crt.sh/?CAName=Government%20of%20Turkey%2C%20Kamu%20Sertifikasyon%20Merkezi%20%28Kamu%20SM%29"},{"rsa":1,"ecc":0,"roots":1,"crtshUrl":"https://crt.sh/?CAName=Halcom%20D.D."},{"rsa":1,"ecc":0,"roots":1,"crtshUrl":"https://crt.sh/?CAName=Image-X%20Enterprises%20Inc"},{"rsa":1,"ecc":0,"roots":1,"crtshUrl":"https://crt.sh/?CAName=Izenpe%20S.A."},{"rsa":1,"ecc":0,"roots":1,"crtshUrl":"https://crt.sh/?CAName=Krajowa%20Izba%20Rozliczeniowa%20S.A.%20%28KIR%29"},{"rsa":1,"ecc":0,"roots":1,"crtshUrl":"https://crt.sh/?CAName=Macao%20Post%20and%20Telecommunications%20Bureau"},{"rsa":1,"ecc":0,"roots":1,"crtshUrl":"https://crt.sh/?CAName=MULTICERT"},{"rsa":1,"ecc":0,"roots":1,"crtshUrl":"https://crt.sh/?CAName=Netrust%20Pte%20Ltd"},{"rsa":1,"ecc":0,"roots":1,"crtshUrl":"https://crt.sh/?CAName=Open%20Access%20Technology%20International%2C%20Inc.%20%28OATI%29"},{"rsa":1,"ecc":0,"roots":1,"crtshUrl":"https://crt.sh/?CAName=PostSignum"},{"rsa":1,"ecc":0,"roots":1,"crtshUrl":"https://crt.sh/?CAName=Saudi%20Data%20and%20Artificial%20Intelligence%20Authority%20%28SDAIA%29"},{"rsa":1,"ecc":0,"roots":1,"crtshUrl":"https://crt.sh/?CAName=SI-TRUST"},{"rsa":1,"ecc":0,"roots":1,"crtshUrl":"https://crt.sh/?CAName=Skaitmeninio%20sertifikavimo%20centras%20%28SSC%29"},{"rsa":1,"ecc":0,"roots":1,"crtshUrl":"https://crt.sh/?CAName=Swiss%20BIT%2C%20Swiss%20Federal%20Office%20of%20Information%20Technology%2C%20Systems%20and%20Telecommunication%20%28FOITT%29"},{"rsa":1,"ecc":0,"roots":1,"crtshUrl":"https://crt.sh/?CAName=Thailand%20National%20Root%20Certificate%20Authority%20%28Electronic%20Transactions%20Development%20Agency%29"},{"rsa":1,"ecc":0,"roots":1,"crtshUrl":"https://crt.sh/?CAName=TrustFactory%28Pty%29Ltd"},{"rsa":1,"ecc":0,"roots":1,"crtshUrl":"https://crt.sh/?CAName=Trustis"},{"rsa":1,"ecc":0,"roots":1,"crtshUrl":"https://crt.sh/?CAName=Zetes"}],"lookupUrl":"https://crt.sh/?CAName={caOwner}","note":"Summary view. Full per-root detail in llm_snapshot_risk.json."},"distrustEvents":[{"ca":"DigiNotar","caOwner":"DigiNotar","crtshUrl":"https://crt.sh/?CAName=DigiNotar","year":2011,"country":"Netherlands","compliancePosture":"willful_circumvention","distrustPathway":"immediate","responseQuality":"moot","reasonTags":["infrastructure_compromise","rogue_certificate_issuance","concealed_breach_or_incident","certificates_used_for_mitm"],"summary":"CA infrastructure was fully compromised. Attacker issued 531+ fraudulent certificates including *.google.com, used in MITM surveillance of Iranian users. CA concealed the breach for weeks. Declared bankruptcy after distrust.","distrustDates":{"chrome":"2011-08-29","mozilla":"2011-09-02","apple":"2011-09-09","microsoft":"2011-09-13"},"classificationTier":"curated","postureEvidence":"Concealed breach for weeks while fraudulent certs were actively used for surveillance.","tagEvidence":{"infrastructure_compromise":"Curated from root program announcements","rogue_certificate_issuance":"Curated from root program announcements","concealed_breach_or_incident":"Curated from root program announcements","certificates_used_for_mitm":"Curated from root program announcements"},"timeline":{"firstBugDate":null,"lastBugDate":null,"distrustDate":"2011-08-29","runwayDays":null},"references":{"rootProgramAnnouncements":["https://blog.mozilla.org/security/2011/09/02/diginotar-removal-follow-up/","https://threatpost.com/final-report-diginotar-hack-shows-total-compromise-ca-servers-091511/"],"mdspThreads":["https://groups.google.com/g/mozilla.dev.security.policy/c/eFp_xmfNhAw"],"ccadbThreads":[],"articles":[{"url":"https://www.enisa.europa.eu/sites/default/files/all_files/Operation_Black_Tulip_v2.pdf","source":"ENISA","title":"Operation Black Tulip: Certificate authorities lose authority"},{"url":"https://www.theregister.com/2011/09/06/diginotar_audit_damning_fail/","source":"The Register","title":"Inside Operation Black Tulip: DigiNotar hack analysed"},{"url":"https://en.wikipedia.org/wiki/DigiNotar","source":"Wikipedia","title":"DigiNotar"},{"url":"https://digitalcommons.usf.edu/cgi/viewcontent.cgi?article=1246&context=jss","source":"Journal of Strategic Security","title":"DigiNotar: Dissecting the First Dutch Digital Disaster"}]}},{"ca":"ANSSI","caOwner":"Government of France (ANSSI, DCSSI)","crtshUrl":"https://crt.sh/?CAName=Government%20of%20France%20%28ANSSI%2C%20DCSSI%29","year":2013,"country":"France","compliancePosture":"accidental","distrustPathway":"triggered","responseQuality":"cooperative","reasonTags":["unauthorized_delegation","rogue_certificate_issuance","certificates_used_for_mitm"],"summary":"Government CA issued intermediate certificate to network appliance company for traffic inspection. Used to issue MITM certificate for Google domains. ANSSI cooperated, certificate was revoked. Distrust limited to specific intermediate, not full root removal.","distrustDates":{"chrome":"2013-12-09","mozilla":"2013-12-09","apple":"2013-12-09","microsoft":"2013-12-09"},"classificationTier":"curated","postureEvidence":"Government CA delegated cert to network appliance company. Didn't understand WebPKI constraints on delegation.","tagEvidence":{"unauthorized_delegation":"Curated from root program announcements","rogue_certificate_issuance":"Curated from root program announcements","certificates_used_for_mitm":"Curated from root program announcements"},"timeline":{"firstBugDate":null,"lastBugDate":null,"distrustDate":"2013-06-01","runwayDays":null},"references":{"rootProgramAnnouncements":["https://security.googleblog.com/2013/12/further-improving-digital-certificate.html","https://blog.mozilla.org/security/2013/12/09/revoking-trust-in-one-anssi-certificate/"],"mdspThreads":[],"ccadbThreads":[],"articles":[{"url":"https://security.googleblog.com/2013/12/further-improving-digital-certificate.html","source":"Chrome Blog","title":"Further improving digital certificate security"},{"url":"https://blog.mozilla.org/security/2013/12/09/revoking-trust-in-one-anssi-certificate/","source":"Mozilla Blog","title":"Revoking trust in one ANSSI certificate"}]}},{"ca":"India CCA (NIC)","caOwner":"India CCA","crtshUrl":"https://crt.sh/?CAName=India%20CCA","year":2014,"country":"IN","compliancePosture":"negligent_noncompliance","distrustPathway":"triggered","responseQuality":"inadequate","reasonTags":["unauthorized_certificate","government_ca","lack_of_controls"],"summary":"Indian government CA (National Informatics Centre) issued unauthorized certificates for Google domains. Chrome, Mozilla, and Apple constrained or removed trust. Microsoft has not acted.","distrustDates":{"chrome":"2014-07-12","mozilla":"2014-07-14","apple":"2014-07-14"},"classificationTier":"curated","postureEvidence":"NIC intermediate CA issued unauthorized Google certificates.","tagEvidence":{},"timeline":{"firstBugDate":null,"lastBugDate":null,"distrustDate":"2014-07-12","runwayDays":null}},{"ca":"CNNIC","caOwner":"China Internet Network Information Center (CNNIC)","crtshUrl":"https://crt.sh/?CAName=China%20Internet%20Network%20Information%20Center%20%28CNNIC%29","year":2015,"country":"China","compliancePosture":"negligent_noncompliance","distrustPathway":"triggered","responseQuality":"inadequate","reasonTags":["unauthorized_delegation","rogue_certificate_issuance","inadequate_incident_response","certificates_used_for_mitm"],"summary":"Issued unconstrained intermediate certificate to MCS Holdings, an Egyptian company that used it as a MITM proxy to issue unauthorized certificates for Google domains.","distrustDates":{"chrome":"2015-04-01","mozilla":"2015-04-02","apple":"2015-04-02","microsoft":"2015-04-02"},"classificationTier":"curated","postureEvidence":"Issued unconstrained intermediate to MCS Holdings without adequate oversight. MCS ran a MITM proxy.","tagEvidence":{"unauthorized_delegation":"Curated from root program announcements","rogue_certificate_issuance":"Curated from root program announcements","inadequate_incident_response":"Curated from root program announcements","certificates_used_for_mitm":"Curated from root program announcements"},"timeline":{"firstBugDate":null,"lastBugDate":null,"distrustDate":"2015-04-01","runwayDays":null},"references":{"rootProgramAnnouncements":["https://blog.mozilla.org/security/2015/04/02/distrusting-new-cnnic-certificates/","https://security.googleblog.com/2015/03/maintaining-digital-certificate-security.html"],"mdspThreads":["https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/Z5701nXiDqA"],"ccadbThreads":[],"articles":[{"url":"https://security.googleblog.com/2015/03/maintaining-digital-certificate-security.html","source":"Chrome Blog","title":"Maintaining digital certificate security"},{"url":"https://blog.mozilla.org/security/2015/04/02/distrusting-new-cnnic-certificates/","source":"Mozilla Blog","title":"Distrusting new CNNIC certificates"}]}},{"ca":"WoSign","caOwner":"WoSign CA Limited","crtshUrl":"https://crt.sh/?CAName=WoSign%20CA%20Limited","year":2016,"country":"China","compliancePosture":"willful_circumvention","distrustPathway":"immediate","responseQuality":"moot","reasonTags":["baseline_requirements_violations","rogue_certificate_issuance","active_deception","hidden_corporate_changes","validation_bypass"],"summary":"WoSign was distrusted for systematic rule circumvention including backdating SHA-1 certificates, issuing unauthorized certificates, and concealing their acquisition of StartCom. They deliberately built systems to violate browser restrictions and actively deceived the community about their operations.","distrustDates":{"chrome":"2016-10-31","mozilla":"2016-10-24","apple":"2016-12-01","microsoft":"2017-01-01"},"classificationTier":"medium_high","postureEvidence":"","tagEvidence":{},"timeline":{"firstBugDate":"2019-02-05","lastBugDate":"2019-02-05","distrustDate":"2016-06-01","runwayDays":-979},"references":{"rootProgramAnnouncements":["https://security.googleblog.com/2016/10/distrusting-wosign-and-startcom.html"],"mdspThreads":["https://groups.google.com/g/mozilla.dev.security.policy/c/k9PBmyLCi8I","https://groups.google.com/g/mozilla.dev.security.policy/c/1XI3Y7PJ1Uc","https://groups.google.com/g/mozilla.dev.security.policy/c/BV5XyFJLnQM","https://groups.google.com/g/mozilla.dev.security.policy/c/VUj2glQYxLc"],"ccadbThreads":[],"articles":[{"url":"https://security.googleblog.com/2016/10/distrusting-wosign-and-startcom.html","source":"Chrome Blog","title":"Distrusting WoSign and StartCom Certificates"},{"url":"https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/","source":"Mozilla Blog","title":"Distrusting New WoSign and StartCom Certificates"},{"url":"https://en.wikipedia.org/wiki/WoSign","source":"Wikipedia","title":"WoSign"}]}},{"ca":"StartCom","caOwner":"Start Commercial (StartCom) Ltd.","crtshUrl":"https://crt.sh/?CAName=Start%20Commercial%20%28StartCom%29%20Ltd.","year":2016,"country":"Israel","compliancePosture":"willful_circumvention","distrustPathway":"immediate","responseQuality":"moot","reasonTags":["active_deception","hidden_corporate_changes","rogue_certificate_issuance","baseline_requirements_violations","pattern_of_issues","validation_bypass"],"summary":"StartCom was distrusted for concealing its acquisition by WoSign while maintaining false appearance of independence. Post-distrust bugs show continued attempts to circumvent restrictions through proxy issuance and certificate manipulation, demonstrating willful violation of trust boundaries.","distrustDates":{"chrome":"2016-10-31","mozilla":"2016-10-24","apple":"2016-12-01","microsoft":"2017-01-01"},"classificationTier":"high","postureEvidence":"","tagEvidence":{},"timeline":{"firstBugDate":"2017-03-25","lastBugDate":"2019-02-05","distrustDate":"2016-06-01","runwayDays":-297},"references":{"rootProgramAnnouncements":["https://security.googleblog.com/2016/10/distrusting-wosign-and-startcom.html"],"mdspThreads":["https://groups.google.com/g/mozilla.dev.security.policy/c/TbDYE69YP8E"],"ccadbThreads":[],"articles":[{"url":"https://security.googleblog.com/2016/10/distrusting-wosign-and-startcom.html","source":"Chrome Blog","title":"Distrusting WoSign and StartCom Certificates"},{"url":"https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/","source":"Mozilla Blog","title":"Distrusting New WoSign and StartCom Certificates"},{"url":"https://en.wikipedia.org/wiki/StartCom","source":"Wikipedia","title":"StartCom"}]}},{"ca":"Symantec","caOwner":"Symantec","crtshUrl":"https://crt.sh/?CAName=Symantec","year":2017,"country":"United States","compliancePosture":"argumentative_noncompliance","distrustPathway":"negotiated","responseQuality":"inadequate","reasonTags":["unauthorized_delegation","pattern_of_issues","validation_bypass","lack_of_meaningful_improvement","minimized_severity","baseline_requirements_violations","willful_misissuance"],"summary":"Google documented years of misissuance incidents including test certificates, non-audited intermediates, and BR violations. DigiCert acquired Symantec's CA business and managed the transition. Gradual distrust over 12+ months with subscriber migration.","distrustDates":{"chrome":"2018-04-17","mozilla":"2018-10-01","apple":"2018-10-15","microsoft":"2018-10-15"},"classificationTier":"curated","postureEvidence":"Third-party RA program was knowingly structured to bypass validation controls. Repeatedly minimized severity and argued rules should not apply as written. Willful misissuance in training infrastructure. Pattern of argumentative engagement with root programs eroded confidence.","tagEvidence":{"unauthorized_delegation":"Curated from root program announcements","pattern_of_issues":"Curated from root program announcements","validation_bypass":"Curated from root program announcements","lack_of_meaningful_improvement":"Curated from root program announcements","minimized_severity":"Curated from root program announcements","baseline_requirements_violations":"Curated from root program announcements"},"timeline":{"firstBugDate":"2017-01-27","lastBugDate":"2017-11-27","distrustDate":"2018-10-09","runwayDays":620},"references":{"rootProgramAnnouncements":["https://security.googleblog.com/2017/09/chromes-plan-to-distrust-symantec.html"],"mdspThreads":["https://groups.google.com/g/mozilla.dev.security.policy/c/gLhzSzo-XFw"],"ccadbThreads":["https://groups.google.com/a/ccadb.org/g/public/c/xoCKQLlU1F4","https://groups.google.com/a/ccadb.org/g/public/c/SXAeHT04TFc"],"articles":[{"url":"https://security.googleblog.com/2017/09/chromes-plan-to-distrust-symantec.html","source":"Chrome Blog","title":"Chrome's Plan to Distrust Symantec Certificates"},{"url":"https://arstechnica.com/information-technology/2017/03/google-takes-symantec-to-the-woodshed-for-mis-issuing-30000-https-certs/","source":"Ars Technica","title":"Google takes Symantec to the woodshed for mis-issuing 30,000 HTTPS certs"},{"url":"https://www.bleepingcomputer.com/news/security/google-outlines-ssl-apocalypse-for-symantec-certificates/","source":"Bleeping Computer","title":"Google Outlines SSL Apocalypse for Symantec Certificates"}]}},{"ca":"TurkTrust","caOwner":"TurkTrust","crtshUrl":"https://crt.sh/?CAName=TurkTrust","year":2018,"country":"Turkey","compliancePosture":"negligent_noncompliance","distrustPathway":"gradual","responseQuality":"inadequate","reasonTags":["baseline_requirements_violations","unauthorized_delegation","non_responsive_to_root_programs","audit_deficiencies","pattern_of_issues","rogue_certificate_issuance"],"summary":"TurkTrust was distrusted following a pattern of compliance failures including issuing non-audited, non-constrained intermediate certificates and failing to respond to root program surveys. The distrust was triggered by the 2012 incident where their operational mistake led to a fraudulent Google certificate, followed by ongoing compliance deficiencies.","distrustDates":{"chrome":"2018-06-01","mozilla":"2018-05-01","apple":"2018-06-01","microsoft":"2018-06-01"},"classificationTier":"medium_high","postureEvidence":"","tagEvidence":{},"timeline":{"firstBugDate":"2017-05-25","lastBugDate":"2018-02-17","distrustDate":"2018-06-01","runwayDays":372},"references":{"rootProgramAnnouncements":["https://krebsonsecurity.com/2013/01/turkish-registrar-enabled-phishers-to-spoof-google/"],"mdspThreads":[],"ccadbThreads":[],"articles":[{"url":"https://krebsonsecurity.com/2013/01/turkish-registrar-enabled-phishers-to-spoof-google/","source":"Krebs on Security","title":"Turkish CA enabled phishers to spoof Google"},{"url":"https://security.googleblog.com/2013/01/enhancing-digital-certificate-security.html","source":"Chrome Blog","title":"Enhancing digital certificate security"}]}},{"ca":"Certinomis","caOwner":"Docaposte Certinomis SAS","crtshUrl":"https://crt.sh/?CAName=Docaposte%20Certinomis%20SAS","year":2019,"country":"France","compliancePosture":"negligent_noncompliance","distrustPathway":"gradual","responseQuality":"inadequate","reasonTags":["baseline_requirements_violations","pattern_of_issues","lack_of_meaningful_improvement","inadequate_incident_response","non_responsive_to_root_programs"],"summary":"Certinomis was distrusted in 2019 following a sustained pattern of 20 documented incidents over 2+ years showing systematic BR violations including invalid DNS names, improper certificate profiles, and OCSP failures. Despite being aware of these issues through bug reports, the CA failed to implement effective systemic remediation, with the same violation categories recurring throughout the period.","distrustDates":{"chrome":"2019-07-01","mozilla":"2019-06-01","apple":"2019-07-01"},"classificationTier":"high","postureEvidence":"","tagEvidence":{},"timeline":{"firstBugDate":"2017-08-02","lastBugDate":"2019-05-14","distrustDate":"2019-06-01","runwayDays":668},"references":{"rootProgramAnnouncements":["https://venafi.com/blog/mozilla-distrusts-certinomis-issued-certificates/"],"mdspThreads":["https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/XpknYMPO8dI","https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/Ni4tS6OBBbw","https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/rmU311hOIIc"],"ccadbThreads":[],"articles":[{"url":"https://venafi.com/blog/mozilla-distrusts-certinomis-issued-certificates/","source":"Venafi","title":"Mozilla distrusts Certinomis issued certificates"}]}},{"ca":"PROCERT","caOwner":"PROCERT","crtshUrl":"https://crt.sh/?CAName=PROCERT","year":2020,"country":"Venezuela","compliancePosture":"demonstrated_incompetence","distrustPathway":"gradual","responseQuality":"non_responsive","reasonTags":["baseline_requirements_violations","non_responsive_to_root_programs","demonstrated_lack_of_understanding","limited_ecosystem_value"],"summary":"PROCERT was a Venezuelan CA that demonstrated incompetence through non-BR-compliant issuance and complete non-responsiveness to Mozilla's action items. The sparse 2017 bug trail with no CA engagement suggests an organization that lacked the operational capacity to participate meaningfully in the WebPKI ecosystem.","distrustDates":{"chrome":"2020-07-01","mozilla":"2020-06-01","apple":"2020-07-01","microsoft":"2020-07-01"},"classificationTier":"medium_high","postureEvidence":"","tagEvidence":{},"timeline":{"firstBugDate":"2017-08-16","lastBugDate":"2017-10-04","distrustDate":"2020-06-01","runwayDays":1020},"references":{"rootProgramAnnouncements":["https://venafi.com/blog/mozilla-distrusts-procert-local-certificate-authorities-have-global-impact/"],"mdspThreads":["https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/Ni4tS6OBBbw","https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/lqZersN26VA"],"ccadbThreads":[],"articles":[{"url":"https://venafi.com/blog/mozilla-distrusts-procert-local-certificate-authorities-have-global-impact/","source":"Venafi","title":"Mozilla distrusts PROCERT: local CAs have global impact"}]}},{"ca":"Camerfirma","caOwner":"AC Camerfirma, S.A.","crtshUrl":"https://crt.sh/?CAName=AC%20Camerfirma%2C%20S.A.","year":2021,"country":"Spain","compliancePosture":"negligent_noncompliance","distrustPathway":"gradual","responseQuality":"inadequate","reasonTags":["baseline_requirements_violations","delayed_or_refused_revocation","pattern_of_issues","lack_of_meaningful_improvement","unauthorized_delegation","audit_deficiencies","inadequate_incident_response"],"summary":"Camerfirma was distrusted after years of systematic Baseline Requirements violations, delayed revocations, and unauthorized subordinate CA issuance. Despite repeated incidents and Mozilla oversight, the CA failed to implement effective controls, with the same types of violations recurring over multiple years.","distrustDates":{"chrome":"2021-07-01","mozilla":"2021-06-01","apple":"2021-07-01"},"classificationTier":"high","postureEvidence":"","tagEvidence":{},"timeline":{"firstBugDate":"2017-03-25","lastBugDate":"2021-04-09","distrustDate":"2021-06-01","runwayDays":1529},"references":{"rootProgramAnnouncements":["https://www.theregister.com/2021/02/02/chrome_camerfirma_certificates/"],"mdspThreads":["https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/XpknYMPO8dI","https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/Ni4tS6OBBbw","https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/dSeD3dgnpzk"],"ccadbThreads":["https://groups.google.com/a/ccadb.org/g/public/c/xoCKQLlU1F4"],"articles":[{"url":"https://www.theregister.com/2021/02/02/chrome_camerfirma_certificates/","source":"The Register","title":"Chrome and Mozilla distrust Camerfirma certificates"}]}},{"ca":"TrustCor","caOwner":"TrustCor Systems","crtshUrl":"https://crt.sh/?CAName=TrustCor%20Systems","year":2022,"country":"Canada","compliancePosture":"negligent_noncompliance","distrustPathway":"immediate","responseQuality":"cooperative","reasonTags":["baseline_requirements_violations","delayed_or_refused_revocation","audit_deficiencies","ties_to_adversarial_entities","pattern_of_issues"],"summary":"TrustCor was distrusted in 2022 primarily due to discovered corporate ties to surveillance entities rather than the technical compliance issues shown in these 2019 Bugzilla reports. While they had routine compliance problems and delayed revocations, the fundamental issue was organizational trust incompatibility.","distrustDates":{"chrome":"2022-12-02","mozilla":"2022-12-01","apple":"2022-12-02","microsoft":"2023-02-28"},"classificationTier":"high","postureEvidence":"","tagEvidence":{},"timeline":{"firstBugDate":"2019-03-04","lastBugDate":"2019-11-26","distrustDate":"2022-06-01","runwayDays":1185},"references":{"rootProgramAnnouncements":["https://www.ghacks.net/2022/12/02/mozilla-and-microsoft-distrust-trustcor-root-certificates-in-their-browsers/"],"mdspThreads":["https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4"],"ccadbThreads":["https://groups.google.com/a/ccadb.org/g/public/c/xoCKQLlU1F4","https://groups.google.com/a/ccadb.org/g/public/c/SXAeHT04TFc"],"articles":[{"url":"https://www.ghacks.net/2022/12/02/mozilla-and-microsoft-distrust-trustcor-root-certificates-in-their-browsers/","source":"gHacks","title":"Mozilla and Microsoft distrust TrustCor root certificates"},{"url":"https://www.washingtonpost.com/technology/2022/11/08/trustcor-internet-addresses-browser-mozilla/","source":"Washington Post","title":"TrustCor linked to intelligence operations"}]}},{"ca":"Visa","caOwner":"Visa","crtshUrl":"https://crt.sh/?CAName=Visa","year":2022,"country":"United States of America","compliancePosture":"negligent_noncompliance","distrustPathway":"gradual","responseQuality":"non_responsive","reasonTags":["baseline_requirements_violations","audit_deficiencies","non_responsive_to_root_programs","pattern_of_issues","limited_ecosystem_value"],"summary":"Visa demonstrated a pattern of BR violations and audit deficiencies from 2017-2020 while completely failing to engage with root programs or respond to identified issues. The CA showed no meaningful participation in the WebPKI ecosystem it was supposed to serve.","distrustDates":{"chrome":"2022-07-01","mozilla":"2022-06-01","apple":"2022-07-01"},"classificationTier":"medium_high","postureEvidence":"","tagEvidence":{},"timeline":{"firstBugDate":"2017-08-16","lastBugDate":"2020-07-07","distrustDate":"2022-06-01","runwayDays":1750},"references":{"rootProgramAnnouncements":["https://www.feistyduck.com/newsletter/issue_45_visa_certificate_authority_in_trouble"],"mdspThreads":["https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/yqALPG5PC4s","https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/wOAsjdGla9g"],"ccadbThreads":["https://groups.google.com/a/ccadb.org/g/public/c/SXAeHT04TFc"],"articles":[{"url":"https://www.feistyduck.com/newsletter/issue_45_visa_certificate_authority_in_trouble","source":"Feisty Duck","title":"Visa Certificate Authority in trouble"}]}},{"ca":"e-Tugra","caOwner":"E-Tugra","crtshUrl":"https://crt.sh/?CAName=E-Tugra","year":2023,"country":"Turkey","compliancePosture":"demonstrated_incompetence","distrustPathway":"triggered","responseQuality":"inadequate","reasonTags":["operational_security_failures","baseline_requirements_violations","pattern_of_issues","inadequate_incident_response","demonstrated_lack_of_understanding","non_responsive_to_root_programs","limited_ecosystem_value"],"summary":"E-Tugra was distrusted after security researcher Ian Carroll discovered severe operational security failures including default passwords and exposed administrative interfaces. The CA had a 4-year pattern of baseline requirements violations but the security research findings triggered immediate distrust action.","distrustDates":{"chrome":"2023-01-09","mozilla":"2023-01-16","apple":"2023-01-16","microsoft":"2023-03-01"},"classificationTier":"high","postureEvidence":"","tagEvidence":{},"timeline":{"firstBugDate":"2018-02-17","lastBugDate":"2022-11-18","distrustDate":"2023-06-01","runwayDays":1930},"references":{"rootProgramAnnouncements":["https://ian.sh/etugra"],"mdspThreads":["https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/C-HrP1SEq1A"],"ccadbThreads":["https://groups.google.com/a/ccadb.org/g/public/c/SXAeHT04TFc"],"articles":[{"url":"https://ian.sh/etugra","source":"Ian Carroll","title":"Security research findings on e-Tugra"}]}},{"ca":"Ecommerce Monitoring","caOwner":"e-commerce monitoring GmbH","crtshUrl":"https://crt.sh/?CAName=e-commerce%20monitoring%20GmbH","year":2024,"country":"Austria","compliancePosture":"demonstrated_incompetence","distrustPathway":"gradual","responseQuality":"inadequate","reasonTags":["baseline_requirements_violations","delayed_or_refused_revocation","inadequate_incident_response","demonstrated_lack_of_understanding","pattern_of_issues","lack_of_meaningful_improvement"],"summary":"Ecommerce Monitoring demonstrated fundamental operational incompetence through a sustained pattern of baseline requirements violations and delayed revocations spanning 2021-2024. Most notably, when asked for root cause analysis of incidents, they confused the investigative concept with their root certificate, revealing they didn't understand basic CA operational requirements.","distrustDates":{"chrome":"2024-07-01","mozilla":"2024-06-01","apple":"2024-07-01","microsoft":"2024-07-01"},"classificationTier":"high","postureEvidence":"","tagEvidence":{},"timeline":{"firstBugDate":"2021-06-12","lastBugDate":"2024-05-17","distrustDate":"2024-06-01","runwayDays":1085},"references":{"rootProgramAnnouncements":["https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/HFMEAMUe7v4/"],"mdspThreads":["https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/HFMEAMUe7v4/"],"ccadbThreads":["https://groups.google.com/a/ccadb.org/g/public/c/wRs-zec8w7k","https://groups.google.com/a/ccadb.org/g/public/c/GmGydKS2lMA","https://groups.google.com/a/ccadb.org/g/public/c/xoCKQLlU1F4"],"articles":[{"url":"https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/HFMEAMUe7v4/","source":"MDSP","title":"Ecommerce Monitoring removal discussion"}]}},{"ca":"Entrust","caOwner":"Entrust","crtshUrl":"https://crt.sh/?CAName=Entrust","year":2024,"country":"United States of America","compliancePosture":"argumentative_noncompliance","distrustPathway":"gradual","responseQuality":"inadequate","reasonTags":["baseline_requirements_violations","delayed_or_refused_revocation","argued_rules_dont_apply","recharacterized_incidents","minimized_severity","lack_of_meaningful_improvement","pattern_of_issues","inadequate_incident_response"],"summary":"Entrust demonstrated a multi-year pattern of baseline requirements violations, delayed revocations, and argumentative responses that prioritized justifying non-compliance over fixing issues. Chrome explicitly noted Entrust's pattern of arguing that established practices should not apply to their circumstances rather than taking responsibility for mistakes.","distrustDates":{"chrome":"2024-11-12","apple":"2024-11-15","mozilla":"2025-03-01","microsoft":"2025-04-16"},"classificationTier":"high","postureEvidence":"","tagEvidence":{},"timeline":{"firstBugDate":"2017-08-16","lastBugDate":"2024-04-06","distrustDate":"2024-11-11","runwayDays":2644},"references":{"rootProgramAnnouncements":["https://security.googleblog.com/2024/06/sustaining-digital-certificate-security.html"],"mdspThreads":["https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/LhTIUMFGHNw","https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/jCvkhBjg9Yw"],"ccadbThreads":["https://groups.google.com/a/ccadb.org/g/public/c/79fkkAXMLpY","https://groups.google.com/a/ccadb.org/g/public/c/YhpAYN5lRh0","https://groups.google.com/a/ccadb.org/g/public/c/tk2CV6Mc-xo"],"articles":[{"url":"https://security.googleblog.com/2024/06/sustaining-digital-certificate-security.html","source":"Chrome Blog","title":"Sustaining Digital Certificate Security"},{"url":"https://arstechnica.com/security/2025/06/chrome-boots-2-certificate-authorities-citing-a-lack-of-trust-and-confidence/","source":"Ars Technica","title":"Chrome boots certificate authorities citing lack of trust and confidence"},{"url":"https://www.theregister.com/2024/08/01/mozilla_entrust/","source":"The Register","title":"Mozilla follows Google in distrusting Entrust's TLS certs"},{"url":"https://blog.cloudflare.com/how-cloudflare-is-helping-domain-owners-with-the-upcoming-entrust-ca/","source":"Cloudflare Blog","title":"How Cloudflare is helping domain owners with the Entrust distrust"}]}}],"distrustStats":{"totalEvents":16,"postureDistribution":{"willful_circumvention":3,"accidental":1,"negligent_noncompliance":7,"argumentative_noncompliance":2,"demonstrated_incompetence":3},"avgIntervalYears":0.93,"avgIntervalMonths":11,"medianRunwayDays":1185,"maxRunwayDays":2644,"avgRunwayDays":1280,"responseDrivenPct":73},"governance":{"reportCard":{"chrome":{"enforcement":"15/15","firstPublicAction":7,"neverActed":0,"stillTrusts":0,"bugzillaCoverage":718,"bugzillaCoverageRecent":279,"substantiveOversight":290,"substantiveOversightRecent":109,"oversightComments":1930,"ballotsProposed":16,"voteParticipation":"9/14","substantiveBallots":12,"caOwners":45,"roots":105,"exclusiveRoots":0,"ungoverned_exclusive":0},"mozilla":{"enforcement":"15/15","firstPublicAction":8,"neverActed":0,"stillTrusts":0,"bugzillaCoverage":813,"bugzillaCoverageRecent":268,"substantiveOversight":248,"substantiveOversightRecent":46,"oversightComments":1797,"ballotsProposed":18,"voteParticipation":"14/14","substantiveBallots":15,"caOwners":50,"roots":167,"exclusiveRoots":12,"ungoverned_exclusive":2},"apple":{"enforcement":"15/15","firstPublicAction":0,"neverActed":0,"stillTrusts":0,"bugzillaCoverage":44,"bugzillaCoverageRecent":44,"substantiveOversight":6,"substantiveOversightRecent":6,"oversightComments":62,"ballotsProposed":11,"voteParticipation":"10/14","substantiveBallots":9,"caOwners":39,"roots":140,"exclusiveRoots":2,"ungoverned_exclusive":0},"microsoft":{"enforcement":"11/15","firstPublicAction":0,"neverActed":4,"stillTrusts":4,"bugzillaCoverage":0,"bugzillaCoverageRecent":0,"substantiveOversight":0,"substantiveOversightRecent":0,"oversightComments":0,"ballotsProposed":0,"voteParticipation":"4/14","substantiveBallots":6,"caOwners":83,"roots":305,"exclusiveRoots":139,"ungoverned_exclusive":35}},"meta":{"bugsTotal":1739,"bugsWithComments":1739,"totalCommentsAnalyzed":6117},"bugCreationByYear":[{"y":2014,"chrome":0,"mozilla":2,"apple":0,"microsoft":0,"other":1},{"y":2015,"chrome":0,"mozilla":0,"apple":0,"microsoft":0,"other":1},{"y":2016,"chrome":0,"mozilla":3,"apple":0,"microsoft":0,"other":2},{"y":2017,"chrome":0,"mozilla":83,"apple":0,"microsoft":0,"other":40},{"y":2018,"chrome":3,"mozilla":59,"apple":0,"microsoft":0,"other":46},{"y":2019,"chrome":18,"mozilla":61,"apple":6,"microsoft":2,"other":168},{"y":2020,"chrome":28,"mozilla":20,"apple":3,"microsoft":3,"other":183},{"y":2021,"chrome":6,"mozilla":16,"apple":2,"microsoft":8,"other":155},{"y":2022,"chrome":0,"mozilla":10,"apple":4,"microsoft":0,"other":92},{"y":2023,"chrome":6,"mozilla":8,"apple":2,"microsoft":0,"other":117},{"y":2024,"chrome":3,"mozilla":5,"apple":0,"microsoft":1,"other":227},{"y":2025,"chrome":0,"mozilla":2,"apple":1,"microsoft":5,"other":215},{"y":2026,"chrome":0,"mozilla":0,"apple":8,"microsoft":10,"other":104}],"bugCreationTotals":{"chrome":64,"mozilla":269,"apple":26,"microsoft":29,"other":1351},"discoveryMethods":{"totals":{"external_researcher":298,"unknown":444,"community":273,"self_detected":355,"audit":118,"root_program":64},"by_year":[{"y":2014,"self_detected":0,"external_researcher":1,"root_program":0,"community":0,"audit":0,"unknown":2,"total":3},{"y":2015,"self_detected":0,"external_researcher":0,"root_program":0,"community":1,"audit":0,"unknown":0,"total":1},{"y":2016,"self_detected":0,"external_researcher":1,"root_program":0,"community":3,"audit":0,"unknown":1,"total":5},{"y":2017,"self_detected":13,"external_researcher":52,"root_program":1,"community":21,"audit":3,"unknown":9,"total":99},{"y":2018,"self_detected":13,"external_researcher":22,"root_program":12,"community":19,"audit":0,"unknown":20,"total":86},{"y":2019,"self_detected":25,"external_researcher":58,"root_program":4,"community":43,"audit":9,"unknown":74,"total":213},{"y":2020,"self_detected":8,"external_researcher":45,"root_program":4,"community":51,"audit":9,"unknown":91,"total":208},{"y":2021,"self_detected":16,"external_researcher":31,"root_program":4,"community":32,"audit":14,"unknown":67,"total":164},{"y":2022,"self_detected":15,"external_researcher":23,"root_program":7,"community":17,"audit":3,"unknown":34,"total":99},{"y":2023,"self_detected":23,"external_researcher":24,"root_program":10,"community":18,"audit":8,"unknown":46,"total":129},{"y":2024,"self_detected":82,"external_researcher":17,"root_program":3,"community":39,"audit":10,"unknown":54,"total":205},{"y":2025,"self_detected":101,"external_researcher":13,"root_program":12,"community":16,"audit":52,"unknown":25,"total":219},{"y":2026,"self_detected":59,"external_researcher":11,"root_program":7,"community":13,"audit":10,"unknown":21,"total":121}],"classified_bugs":1552,"excluded_distrusted":187,"corpus_note":"1552 bugs classified (excludes 187 distrusted-CA bugs). Corpus is larger than the 1,428-incident count in incidents.json because discovery classification runs on all non-distrusted bugs_raw entries, including ~75 sub-operator naming variants (e.g. 'DigiCert / ABB') that incidents.py normalizes into parent CA counts."},"programCommentSummary":{"chrome":{"total_comments":2114,"substantive_comments":2114,"workflow_events":0,"admin_comments":124,"oversight_comments":1930,"recent_oversight_comments":639,"technical_oversight_comments":614,"recent_technical_oversight_comments":210,"self_incident_comments":60,"recent_self_incident_comments":30,"bugs_engaged":734,"bugs_oversight":718,"recent_bugs_oversight":279,"bugs_technical_oversight":290,"recent_bugs_technical_oversight":109},"mozilla":{"total_comments":3249,"substantive_comments":3248,"workflow_events":1,"admin_comments":1451,"oversight_comments":1797,"recent_oversight_comments":434,"technical_oversight_comments":452,"recent_technical_oversight_comments":76,"self_incident_comments":0,"recent_self_incident_comments":0,"bugs_engaged":813,"bugs_oversight":813,"recent_bugs_oversight":268,"bugs_technical_oversight":248,"recent_bugs_technical_oversight":46},"apple":{"total_comments":196,"substantive_comments":196,"workflow_events":0,"admin_comments":3,"oversight_comments":62,"recent_oversight_comments":62,"technical_oversight_comments":11,"recent_technical_oversight_comments":11,"self_incident_comments":131,"recent_self_incident_comments":74,"bugs_engaged":61,"bugs_oversight":44,"recent_bugs_oversight":44,"bugs_technical_oversight":6,"recent_bugs_technical_oversight":6},"microsoft":{"total_comments":559,"substantive_comments":559,"workflow_events":0,"admin_comments":2,"oversight_comments":0,"recent_oversight_comments":0,"technical_oversight_comments":0,"recent_technical_oversight_comments":0,"self_incident_comments":557,"recent_self_incident_comments":504,"bugs_engaged":45,"bugs_oversight":0,"recent_bugs_oversight":0,"bugs_technical_oversight":0,"recent_bugs_technical_oversight":0}},"oversightConcentration":{"chrome":{"total_oversight_comments":1930,"unique_contributors":6,"top_contributor_pct":87,"top_3_contributors_pct":97,"top_contributor_email":"r**********@gmail.com","top_contributor_first_quarter":"2014-Q1","top_contributor_last_quarter":"2022-Q2"},"mozilla":{"total_oversight_comments":1797,"unique_contributors":9,"top_contributor_pct":47,"top_3_contributors_pct":90,"top_contributor_email":"w******@fastly.com","top_contributor_first_quarter":"2017-Q4","top_contributor_last_quarter":"2020-Q2"},"apple":{"total_oversight_comments":62,"unique_contributors":2,"top_contributor_pct":63,"top_3_contributors_pct":100,"top_contributor_email":"d**********@apple.com","top_contributor_first_quarter":"2025-Q4","top_contributor_last_quarter":"2026-Q1"},"microsoft":{"total_oversight_comments":0,"unique_contributors":0,"top_contributor_pct":0,"top_3_contributors_pct":0,"top_contributor_email":null,"top_contributor_first_quarter":null,"top_contributor_last_quarter":null}},"oversightQuarterly":[{"quarter":"2014-Q1","chrome_comments":3,"chrome_people":1,"mozilla_comments":2,"mozilla_people":2,"apple_comments":0,"apple_people":0,"microsoft_comments":0,"microsoft_people":0},{"quarter":"2015-Q3","chrome_comments":0,"chrome_people":0,"mozilla_comments":2,"mozilla_people":1,"apple_comments":0,"apple_people":0,"microsoft_comments":0,"microsoft_people":0},{"quarter":"2016-Q2","chrome_comments":0,"chrome_people":0,"mozilla_comments":2,"mozilla_people":2,"apple_comments":0,"apple_people":0,"microsoft_comments":0,"microsoft_people":0},{"quarter":"2016-Q3","chrome_comments":0,"chrome_people":0,"mozilla_comments":4,"mozilla_people":2,"apple_comments":0,"apple_people":0,"microsoft_comments":0,"microsoft_people":0},{"quarter":"2016-Q4","chrome_comments":2,"chrome_people":1,"mozilla_comments":2,"mozilla_people":2,"apple_comments":0,"apple_people":0,"microsoft_comments":0,"microsoft_people":0},{"quarter":"2017-Q1","chrome_comments":2,"chrome_people":1,"mozilla_comments":14,"mozilla_people":3,"apple_comments":0,"apple_people":0,"microsoft_comments":0,"microsoft_people":0},{"quarter":"2017-Q2","chrome_comments":1,"chrome_people":1,"mozilla_comments":22,"mozilla_people":2,"apple_comments":0,"apple_people":0,"microsoft_comments":0,"microsoft_people":0},{"quarter":"2017-Q3","chrome_comments":122,"chrome_people":1,"mozilla_comments":102,"mozilla_people":3,"apple_comments":0,"apple_people":0,"microsoft_comments":0,"microsoft_people":0},{"quarter":"2017-Q4","chrome_comments":37,"chrome_people":1,"mozilla_comments":139,"mozilla_people":4,"apple_comments":0,"apple_people":0,"microsoft_comments":0,"microsoft_people":0},{"quarter":"2018-Q1","chrome_comments":7,"chrome_people":1,"mozilla_comments":107,"mozilla_people":3,"apple_comments":0,"apple_people":0,"microsoft_comments":0,"microsoft_people":0},{"quarter":"2018-Q2","chrome_comments":13,"chrome_people":1,"mozilla_comments":92,"mozilla_people":3,"apple_comments":0,"apple_people":0,"microsoft_comments":0,"microsoft_people":0},{"quarter":"2018-Q3","chrome_comments":4,"chrome_people":1,"mozilla_comments":50,"mozilla_people":2,"apple_comments":0,"apple_people":0,"microsoft_comments":0,"microsoft_people":0},{"quarter":"2018-Q4","chrome_comments":15,"chrome_people":1,"mozilla_comments":60,"mozilla_people":2,"apple_comments":0,"apple_people":0,"microsoft_comments":0,"microsoft_people":0},{"quarter":"2019-Q1","chrome_comments":155,"chrome_people":1,"mozilla_comments":144,"mozilla_people":3,"apple_comments":0,"apple_people":0,"microsoft_comments":0,"microsoft_people":0},{"quarter":"2019-Q2","chrome_comments":121,"chrome_people":1,"mozilla_comments":122,"mozilla_people":4,"apple_comments":0,"apple_people":0,"microsoft_comments":0,"microsoft_people":0},{"quarter":"2019-Q3","chrome_comments":207,"chrome_people":1,"mozilla_comments":134,"mozilla_people":2,"apple_comments":0,"apple_people":0,"microsoft_comments":0,"microsoft_people":0},{"quarter":"2019-Q4","chrome_comments":113,"chrome_people":1,"mozilla_comments":77,"mozilla_people":2,"apple_comments":0,"apple_people":0,"microsoft_comments":0,"microsoft_people":0},{"quarter":"2020-Q1","chrome_comments":125,"chrome_people":1,"mozilla_comments":75,"mozilla_people":2,"apple_comments":0,"apple_people":0,"microsoft_comments":0,"microsoft_people":0},{"quarter":"2020-Q2","chrome_comments":95,"chrome_people":1,"mozilla_comments":83,"mozilla_people":3,"apple_comments":0,"apple_people":0,"microsoft_comments":0,"microsoft_people":0},{"quarter":"2020-Q3","chrome_comments":222,"chrome_people":2,"mozilla_comments":88,"mozilla_people":1,"apple_comments":0,"apple_people":0,"microsoft_comments":0,"microsoft_people":0},{"quarter":"2020-Q4","chrome_comments":47,"chrome_people":1,"mozilla_comments":42,"mozilla_people":2,"apple_comments":0,"apple_people":0,"microsoft_comments":0,"microsoft_people":0},{"quarter":"2021-Q1","chrome_comments":62,"chrome_people":1,"mozilla_comments":41,"mozilla_people":2,"apple_comments":0,"apple_people":0,"microsoft_comments":0,"microsoft_people":0},{"quarter":"2021-Q2","chrome_comments":156,"chrome_people":1,"mozilla_comments":29,"mozilla_people":1,"apple_comments":0,"apple_people":0,"microsoft_comments":0,"microsoft_people":0},{"quarter":"2021-Q3","chrome_comments":119,"chrome_people":1,"mozilla_comments":32,"mozilla_people":1,"apple_comments":0,"apple_people":0,"microsoft_comments":0,"microsoft_people":0},{"quarter":"2021-Q4","chrome_comments":36,"chrome_people":2,"mozilla_comments":12,"mozilla_people":2,"apple_comments":0,"apple_people":0,"microsoft_comments":0,"microsoft_people":0},{"quarter":"2022-Q1","chrome_comments":16,"chrome_people":1,"mozilla_comments":18,"mozilla_people":1,"apple_comments":0,"apple_people":0,"microsoft_comments":0,"microsoft_people":0},{"quarter":"2022-Q2","chrome_comments":11,"chrome_people":1,"mozilla_comments":15,"mozilla_people":1,"apple_comments":0,"apple_people":0,"microsoft_comments":0,"microsoft_people":0},{"quarter":"2022-Q3","chrome_comments":6,"chrome_people":2,"mozilla_comments":11,"mozilla_people":1,"apple_comments":0,"apple_people":0,"microsoft_comments":0,"microsoft_people":0},{"quarter":"2022-Q4","chrome_comments":11,"chrome_people":2,"mozilla_comments":11,"mozilla_people":2,"apple_comments":0,"apple_people":0,"microsoft_comments":0,"microsoft_people":0},{"quarter":"2023-Q1","chrome_comments":9,"chrome_people":2,"mozilla_comments":12,"mozilla_people":1,"apple_comments":0,"apple_people":0,"microsoft_comments":0,"microsoft_people":0},{"quarter":"2023-Q2","chrome_comments":22,"chrome_people":2,"mozilla_comments":10,"mozilla_people":1,"apple_comments":0,"apple_people":0,"microsoft_comments":0,"microsoft_people":0},{"quarter":"2023-Q3","chrome_comments":3,"chrome_people":2,"mozilla_comments":27,"mozilla_people":1,"apple_comments":0,"apple_people":0,"microsoft_comments":0,"microsoft_people":0},{"quarter":"2023-Q4","chrome_comments":4,"chrome_people":2,"mozilla_comments":19,"mozilla_people":1,"apple_comments":0,"apple_people":0,"microsoft_comments":0,"microsoft_people":0},{"quarter":"2024-Q1","chrome_comments":14,"chrome_people":2,"mozilla_comments":14,"mozilla_people":1,"apple_comments":1,"apple_people":1,"microsoft_comments":0,"microsoft_people":0},{"quarter":"2024-Q2","chrome_comments":39,"chrome_people":2,"mozilla_comments":48,"mozilla_people":1,"apple_comments":17,"apple_people":1,"microsoft_comments":0,"microsoft_people":0},{"quarter":"2024-Q3","chrome_comments":13,"chrome_people":2,"mozilla_comments":33,"mozilla_people":1,"apple_comments":3,"apple_people":1,"microsoft_comments":0,"microsoft_people":0},{"quarter":"2024-Q4","chrome_comments":19,"chrome_people":3,"mozilla_comments":33,"mozilla_people":1,"apple_comments":0,"apple_people":0,"microsoft_comments":0,"microsoft_people":0},{"quarter":"2025-Q1","chrome_comments":20,"chrome_people":3,"mozilla_comments":40,"mozilla_people":1,"apple_comments":0,"apple_people":0,"microsoft_comments":0,"microsoft_people":0},{"quarter":"2025-Q2","chrome_comments":30,"chrome_people":2,"mozilla_comments":9,"mozilla_people":1,"apple_comments":0,"apple_people":0,"microsoft_comments":0,"microsoft_people":0},{"quarter":"2025-Q3","chrome_comments":22,"chrome_people":1,"mozilla_comments":9,"mozilla_people":1,"apple_comments":2,"apple_people":1,"microsoft_comments":0,"microsoft_people":0},{"quarter":"2025-Q4","chrome_comments":11,"chrome_people":1,"mozilla_comments":1,"mozilla_people":1,"apple_comments":14,"apple_people":1,"microsoft_comments":0,"microsoft_people":0},{"quarter":"2026-Q1","chrome_comments":14,"chrome_people":1,"mozilla_comments":9,"mozilla_people":1,"apple_comments":25,"apple_people":1,"microsoft_comments":0,"microsoft_people":0},{"quarter":"2026-Q2","chrome_comments":2,"chrome_people":1,"mozilla_comments":1,"mozilla_people":1,"apple_comments":0,"apple_people":0,"microsoft_comments":0,"microsoft_people":0}],"enforcement":{"chrome":{"acted":15,"total":15,"initiated":7,"followed":8,"still_trusts":[]},"mozilla":{"acted":15,"total":15,"initiated":8,"followed":7,"still_trusts":[]},"apple":{"acted":15,"total":15,"initiated":0,"followed":15,"still_trusts":[]},"microsoft":{"acted":11,"total":15,"initiated":0,"followed":11,"still_trusts":["India CCA (NIC)","Certinomis","Camerfirma","Visa"]}},"distrustEvents":[{"ca":"DigiNotar","year":2011,"leader":"chrome","chrome":"distrusted","mozilla":"distrusted","apple":"distrusted","microsoft":"distrusted"},{"ca":"ANSSI","year":2013,"leader":"chrome","chrome":"distrusted","mozilla":"distrusted","apple":"distrusted","microsoft":"distrusted"},{"ca":"India CCA (NIC)","year":2014,"leader":"chrome","chrome":"distrusted","mozilla":"distrusted","apple":"distrusted","microsoft":"trusted"},{"ca":"CNNIC","year":2015,"leader":"chrome","chrome":"distrusted","mozilla":"distrusted","apple":"distrusted","microsoft":"distrusted"},{"ca":"WoSign / StartCom","year":2016,"leader":"mozilla","chrome":"distrusted","mozilla":"distrusted","apple":"distrusted","microsoft":"distrusted"},{"ca":"Symantec","year":2017,"leader":"chrome","chrome":"distrusted","mozilla":"distrusted","apple":"distrusted","microsoft":"distrusted"},{"ca":"TurkTrust","year":2018,"leader":"mozilla","chrome":"distrusted","mozilla":"distrusted","apple":"distrusted","microsoft":"distrusted"},{"ca":"Certinomis","year":2019,"leader":"mozilla","chrome":"distrusted","mozilla":"distrusted","apple":"distrusted","microsoft":"trusted"},{"ca":"PROCERT","year":2020,"leader":"mozilla","chrome":"distrusted","mozilla":"distrusted","apple":"distrusted","microsoft":"distrusted"},{"ca":"Camerfirma","year":2021,"leader":"mozilla","chrome":"distrusted","mozilla":"distrusted","apple":"distrusted","microsoft":"trusted"},{"ca":"TrustCor","year":2022,"leader":"mozilla","chrome":"distrusted","mozilla":"distrusted","apple":"distrusted","microsoft":"distrusted"},{"ca":"Visa","year":2022,"leader":"mozilla","chrome":"distrusted","mozilla":"distrusted","apple":"distrusted","microsoft":"trusted"},{"ca":"e-Tugra","year":2023,"leader":"chrome","chrome":"distrusted","mozilla":"distrusted","apple":"distrusted","microsoft":"distrusted"},{"ca":"Ecommerce Monitoring","year":2024,"leader":"mozilla","chrome":"distrusted","mozilla":"distrusted","apple":"distrusted","microsoft":"distrusted"},{"ca":"Entrust","year":2024,"leader":"chrome","chrome":"distrusted","mozilla":"distrusted","apple":"distrusted","microsoft":"distrusted"}],"storePosture":{"mozilla":{"owners":50,"roots":167,"exclusive_count":12,"gov_ca_count":15,"dark_matter":{"exclusive_cas":2,"exclusive_zero_incident":2,"zero_incident_cas":13,"total_cas":58,"exclusive_zero_pct":100.0,"zero_incident_pct":22.4}},"microsoft":{"owners":83,"roots":305,"exclusive_count":139,"gov_ca_count":31,"dark_matter":{"exclusive_cas":37,"exclusive_zero_incident":35,"zero_incident_cas":46,"total_cas":91,"exclusive_zero_pct":94.6,"zero_incident_pct":50.5}},"chrome":{"owners":45,"roots":105,"exclusive_count":0,"gov_ca_count":14,"dark_matter":{"exclusive_cas":0,"exclusive_zero_incident":0,"zero_incident_cas":9,"total_cas":52,"exclusive_zero_pct":0.0,"zero_incident_pct":17.3}},"apple":{"owners":39,"roots":140,"exclusive_count":2,"gov_ca_count":10,"dark_matter":{"exclusive_cas":0,"exclusive_zero_incident":0,"zero_incident_cas":9,"total_cas":46,"exclusive_zero_pct":0.0,"zero_incident_pct":19.6}}},"policyLeadership":{"by_working_group":{"server_certificate":{"programs":{"chrome":{"proposed":14,"endorsed":16,"voted":9,"absent":5,"ballots_with_votes":14},"mozilla":{"proposed":15,"endorsed":21,"voted":14,"absent":0,"ballots_with_votes":14},"apple":{"proposed":7,"endorsed":14,"voted":10,"absent":4,"ballots_with_votes":14},"microsoft":{"proposed":0,"endorsed":9,"voted":4,"absent":10,"ballots_with_votes":14}},"total_ballots":101,"prefix":"SC"},"code_signing":{"programs":{"chrome":{"proposed":0,"endorsed":0,"voted":0,"absent":1,"ballots_with_votes":1},"mozilla":{"proposed":0,"endorsed":0,"voted":0,"absent":1,"ballots_with_votes":1},"apple":{"proposed":0,"endorsed":1,"voted":0,"absent":1,"ballots_with_votes":1},"microsoft":{"proposed":6,"endorsed":12,"voted":1,"absent":0,"ballots_with_votes":1}},"total_ballots":35,"prefix":"CSC"},"smime":{"programs":{"chrome":{"proposed":0,"endorsed":1,"voted":1,"absent":13,"ballots_with_votes":14},"mozilla":{"proposed":0,"endorsed":5,"voted":14,"absent":0,"ballots_with_votes":14},"apple":{"proposed":0,"endorsed":4,"voted":8,"absent":6,"ballots_with_votes":14},"microsoft":{"proposed":0,"endorsed":0,"voted":1,"absent":13,"ballots_with_votes":14}},"total_ballots":18,"prefix":"SMC"},"network_security":{"programs":{"chrome":{"proposed":2,"endorsed":6,"voted":0,"absent":0,"ballots_with_votes":0},"mozilla":{"proposed":3,"endorsed":4,"voted":0,"absent":0,"ballots_with_votes":0},"apple":{"proposed":4,"endorsed":7,"voted":0,"absent":0,"ballots_with_votes":0},"microsoft":{"proposed":0,"endorsed":3,"voted":0,"absent":0,"ballots_with_votes":0}},"total_ballots":20,"prefix":"NS"}},"recent_votes":[{"id":"SC-095","title":"Ballot SC095v3: Clean-up 2025","result":"passed","chrome":"absent","mozilla":"yes","apple":"yes","microsoft":"absent"},{"id":"SC-097","title":"Ballot SC097: Sunset all remaining use of SHA-1 signatures in Certificates and CRLs","result":"passed","chrome":"yes","mozilla":"yes","apple":"yes","microsoft":"yes"},{"id":"SC-094","title":"Ballot SC094v2: DNSSEC exception in email DCV methods","result":"passed","chrome":"absent","mozilla":"yes","apple":"yes","microsoft":"absent"},{"id":"SC-096","title":"Ballot SC096: Carve-out for DNSSEC verification logging requirements","result":"passed","chrome":"absent","mozilla":"yes","apple":"yes","microsoft":"absent"},{"id":"SC-090","title":"Ballot SC-090: Gradually sunset all remaining email-based, phone-based, and \u2018crossover\u2019 validation methods from Sections 3.2.2.4 and 3.2.2.5","result":"passed","chrome":"yes","mozilla":"yes","apple":"yes","microsoft":"absent"},{"id":"SC-091","title":"Ballot SC-091: Sunset 3.2.2.5.3 Reverse Address Lookup Validation, proposal of new DNS-based validation using Persistent DCV TXT Record for IP addresses","result":"passed","chrome":"yes","mozilla":"yes","apple":"absent","microsoft":"absent"},{"id":"SC-086","title":"Ballot SC-086v3: Sunset the Inclusion of IP Reverse Address Domain Names","result":"passed","chrome":"yes","mozilla":"yes","apple":"yes","microsoft":"absent"},{"id":"SC-088","title":"Ballot SC-088v3: DNS TXT Record with Persistent Value DCV Method","result":"passed","chrome":"yes","mozilla":"yes","apple":"absent","microsoft":"absent"},{"id":"SC-092","title":"Ballot SC-092: Sunset use of Precertificate Signing CAs","result":"passed","chrome":"yes","mozilla":"yes","apple":"yes","microsoft":"absent"},{"id":"SC-089","title":"Ballot SC-089: Mass Revocation Planning","result":"passed","chrome":"absent","mozilla":"yes","apple":"absent","microsoft":"yes"},{"id":"SC-085","title":"Ballot SC-085v2: Require Validation of DNSSEC (when present) for CAA and DCV Lookups","result":"passed","chrome":"absent","mozilla":"yes","apple":"yes","microsoft":"absent"},{"id":"SC-081","title":"Ballot SC081v3: Introduce Schedule of Reducing Validity and Data Reuse Periods","result":"passed","chrome":"yes","mozilla":"yes","apple":"yes","microsoft":"yes"},{"id":"SC-084","title":"Ballot SC084: DNS Labeled with ACME Account ID Validation Method","result":"passed","chrome":"yes","mozilla":"yes","apple":"absent","microsoft":"yes"},{"id":"SC-083","title":"Ballot SC083v3: Winter 2024-2025 Cleanup Ballot","result":"passed","chrome":"yes","mozilla":"yes","apple":"yes","microsoft":"absent"}],"total_sc_ballots":101,"programs":{"chrome":{"proposed":16,"endorsed":22,"voted":9,"absent":5,"ballots_with_votes":14,"vote_participation_pct":64},"mozilla":{"proposed":18,"endorsed":25,"voted":14,"absent":0,"ballots_with_votes":14,"vote_participation_pct":100},"apple":{"proposed":11,"endorsed":21,"voted":10,"absent":4,"ballots_with_votes":14,"vote_participation_pct":71},"microsoft":{"proposed":0,"endorsed":12,"voted":4,"absent":10,"ballots_with_votes":14,"vote_participation_pct":29}}},"ballotClassification":{"total_ballots":174,"recent_count":50,"substantive_ballots":104,"pct_substantive":60,"browser_summary":{"chrome":{"total":16,"substantive":12,"pct_substantive":75,"endorsed":22,"by_category":{"uncategorized":3,"validation_improvement":3,"security_modernization":3,"transparency_profiles":3,"infrastructure":3,"cleanup":1}},"mozilla":{"total":18,"substantive":15,"pct_substantive":83,"endorsed":30,"by_category":{"incident_response":3,"governance":1,"security_modernization":2,"infrastructure":5,"validation_improvement":3,"transparency_profiles":2,"cleanup":1,"uncategorized":1}},"apple":{"total":11,"substantive":9,"pct_substantive":82,"endorsed":24,"by_category":{"validation_improvement":3,"security_modernization":1,"audit_standards":1,"infrastructure":4,"uncategorized":2}},"microsoft":{"total":6,"substantive":6,"pct_substantive":100,"endorsed":24,"by_category":{"security_modernization":1,"validation_improvement":4,"infrastructure":1}}},"top_ca_contributors":[{"name":"DigiCert","total":60,"substantive":29,"pct_substantive":48,"endorsed":39,"by_category":{"security_modernization":3,"cleanup":9,"incident_response":3,"uncategorized":8,"governance":14,"infrastructure":6,"transparency_profiles":5,"validation_improvement":10,"audit_standards":2}},{"name":"HARICA","total":14,"substantive":8,"pct_substantive":57,"endorsed":29,"by_category":{"validation_improvement":2,"transparency_profiles":2,"governance":3,"infrastructure":4,"uncategorized":1,"cleanup":2}},{"name":"Other CA","total":13,"substantive":5,"pct_substantive":38,"endorsed":0,"by_category":{"cleanup":5,"uncategorized":1,"validation_improvement":4,"governance":2,"infrastructure":1}},{"name":"Sectigo","total":10,"substantive":6,"pct_substantive":60,"endorsed":18,"by_category":{"infrastructure":3,"cleanup":3,"transparency_profiles":1,"uncategorized":1,"validation_improvement":1,"incident_response":1}},{"name":"Entrust","total":10,"substantive":3,"pct_substantive":30,"endorsed":22,"by_category":{"transparency_profiles":2,"uncategorized":5,"cleanup":2,"infrastructure":1}},{"name":"TrustCor","total":5,"substantive":5,"pct_substantive":100,"endorsed":8,"by_category":{"infrastructure":5}},{"name":"GlobalSign","total":5,"substantive":5,"pct_substantive":100,"endorsed":11,"by_category":{"validation_improvement":4,"security_modernization":1}},{"name":"Let's Encrypt","total":4,"substantive":1,"pct_substantive":25,"endorsed":4,"by_category":{"cleanup":2,"governance":1,"incident_response":1}},{"name":"SecureTrust","total":2,"substantive":0,"pct_substantive":0,"endorsed":0,"by_category":{"cleanup":2}}],"category_totals":{"security_modernization":{"browsers":7,"cas":4,"total":11},"validation_improvement":{"browsers":13,"cas":21,"total":34},"incident_response":{"browsers":3,"cas":5,"total":8},"transparency_profiles":{"browsers":5,"cas":10,"total":15},"infrastructure":{"browsers":13,"cas":20,"total":33},"cleanup":{"browsers":2,"cas":25,"total":27},"governance":{"browsers":1,"cas":20,"total":21},"audit_standards":{"browsers":1,"cas":2,"total":3},"uncategorized":{"browsers":6,"cas":16,"total":22}},"recent":{"total_ballots":50,"substantive_ballots":31,"browser_summary":{"chrome":{"total":9,"substantive":6,"pct_substantive":67,"endorsed":9,"by_category":{"uncategorized":3,"validation_improvement":3,"security_modernization":2,"transparency_profiles":1}},"mozilla":{"total":4,"substantive":3,"pct_substantive":75,"endorsed":15,"by_category":{"incident_response":2,"governance":1,"security_modernization":1}},"apple":{"total":7,"substantive":6,"pct_substantive":86,"endorsed":11,"by_category":{"validation_improvement":3,"security_modernization":1,"audit_standards":1,"infrastructure":1,"uncategorized":1}},"microsoft":{"total":0,"substantive":0,"pct_substantive":0,"endorsed":5,"by_category":{}}},"top_ca_contributors":[{"name":"Other CA","total":6,"substantive":3,"pct_substantive":50,"endorsed":0,"by_category":{"cleanup":1,"uncategorized":1,"validation_improvement":3,"governance":1}},{"name":"Sectigo","total":6,"substantive":3,"pct_substantive":50,"endorsed":7,"by_category":{"infrastructure":2,"cleanup":3,"transparency_profiles":1}},{"name":"DigiCert","total":5,"substantive":3,"pct_substantive":60,"endorsed":10,"by_category":{"security_modernization":2,"cleanup":1,"incident_response":1,"uncategorized":1}},{"name":"HARICA","total":4,"substantive":4,"pct_substantive":100,"endorsed":13,"by_category":{"validation_improvement":2,"transparency_profiles":2}},{"name":"Let's Encrypt","total":4,"substantive":1,"pct_substantive":25,"endorsed":2,"by_category":{"cleanup":2,"governance":1,"incident_response":1}},{"name":"Entrust","total":3,"substantive":2,"pct_substantive":67,"endorsed":3,"by_category":{"transparency_profiles":2,"uncategorized":1}},{"name":"SecureTrust","total":2,"substantive":0,"pct_substantive":0,"endorsed":0,"by_category":{"cleanup":2}}],"category_totals":{"security_modernization":{"browsers":4,"cas":2,"total":6},"validation_improvement":{"browsers":6,"cas":5,"total":11},"incident_response":{"browsers":2,"cas":2,"total":4},"transparency_profiles":{"browsers":1,"cas":5,"total":6},"infrastructure":{"browsers":1,"cas":2,"total":3},"cleanup":{"browsers":0,"cas":9,"total":9},"governance":{"browsers":1,"cas":2,"total":3},"audit_standards":{"browsers":1,"cas":0,"total":1},"uncategorized":{"browsers":4,"cas":3,"total":7}}}},"notableGaps":{"current":[{"ca":"TrustAsia Technologies, Inc.","rank":13,"certs":504231,"stores":{"chrome":"included","mozilla":"included","apple":"not_included","microsoft":"not_included"},"missing_from":["apple","microsoft"],"included_in":["chrome","mozilla"],"wait_years":5,"wait_source":"root_creation"},{"ca":"Certainly LLC","rank":14,"certs":498632,"stores":{"chrome":"included","mozilla":"included","apple":"included","microsoft":"not_included"},"missing_from":["microsoft"],"included_in":["chrome","mozilla","apple"],"wait_years":5,"wait_source":"root_creation"},{"ca":"Cybertrust Japan Co., Ltd.","rank":23,"certs":33396,"stores":{"chrome":"not_included","mozilla":"included","apple":"not_included","microsoft":"included"},"missing_from":["chrome","apple"],"included_in":["mozilla","microsoft"],"wait_years":null,"wait_source":null},{"ca":"Shanghai Electronic Certification Authority Co., Ltd.","rank":24,"certs":31608,"stores":{"chrome":"included","mozilla":"included","apple":"not_included","microsoft":"included"},"missing_from":["apple"],"included_in":["chrome","mozilla","microsoft"],"wait_years":11,"wait_source":"root_creation"},{"ca":"Government of Finland, Population Register Centre\u2019s (V\u00e4est\u00f6rekisterikeskus, VRK)","rank":39,"certs":2507,"stores":{"chrome":"not_included","mozilla":"not_included","apple":"not_included","microsoft":"included"},"missing_from":["chrome","mozilla","apple"],"included_in":["microsoft"],"wait_years":9,"wait_source":"root_creation"},{"ca":"Open Access Technology International, Inc. (OATI)","rank":41,"certs":2237,"stores":{"chrome":"not_included","mozilla":"not_included","apple":"not_included","microsoft":"included"},"missing_from":["chrome","mozilla","apple"],"included_in":["microsoft"],"wait_years":18,"wait_source":"root_creation"},{"ca":"PostSignum","rank":45,"certs":1028,"stores":{"chrome":"not_included","mozilla":"not_included","apple":"not_included","microsoft":"included"},"missing_from":["chrome","mozilla","apple"],"included_in":["microsoft"],"wait_years":8,"wait_source":"root_creation"},{"ca":"Government of Brazil, Instituto Nacional de Tecnologia da Informa\u00e7\u00e3o (ITI)","rank":47,"certs":518,"stores":{"chrome":"not_included","mozilla":"not_included","apple":"not_included","microsoft":"included"},"missing_from":["chrome","mozilla","apple"],"included_in":["microsoft"],"wait_years":10,"wait_source":"root_creation"},{"ca":"Prvn\u00ed certifika\u010dn\u00ed autorita, a.s.","rank":49,"certs":363,"stores":{"chrome":"not_included","mozilla":"not_included","apple":"not_included","microsoft":"included"},"missing_from":["chrome","mozilla","apple"],"included_in":["microsoft"],"wait_years":11,"wait_source":"root_creation"},{"ca":"Financijska agencija (Fina)","rank":51,"certs":331,"stores":{"chrome":"not_included","mozilla":"not_included","apple":"not_included","microsoft":"included"},"missing_from":["chrome","mozilla","apple"],"included_in":["microsoft"],"wait_years":11,"wait_source":"root_creation"},{"ca":"Krajowa Izba Rozliczeniowa S.A. (KIR)","rank":52,"certs":305,"stores":{"chrome":"included","mozilla":"included","apple":"not_included","microsoft":"included"},"missing_from":["apple"],"included_in":["chrome","mozilla","microsoft"],"wait_years":11,"wait_source":"root_creation"},{"ca":"Government of Korea, KLID","rank":53,"certs":172,"stores":{"chrome":"not_included","mozilla":"not_included","apple":"not_included","microsoft":"included"},"missing_from":["chrome","mozilla","apple"],"included_in":["microsoft"],"wait_years":3,"wait_source":"root_creation"},{"ca":"Government of India, Ministry of Communications & Information Technology, Controller of Certifying Authorities (CCA)","rank":54,"certs":157,"stores":{"chrome":"not_included","mozilla":"not_included","apple":"not_included","microsoft":"included"},"missing_from":["chrome","mozilla","apple"],"included_in":["microsoft"],"wait_years":4,"wait_source":"root_creation"},{"ca":"A-Trust","rank":56,"certs":145,"stores":{"chrome":"not_included","mozilla":"not_included","apple":"not_included","microsoft":"included"},"missing_from":["chrome","mozilla","apple"],"included_in":["microsoft"],"wait_years":8,"wait_source":"root_creation"},{"ca":"Netlock","rank":57,"certs":92,"stores":{"chrome":"included","mozilla":"included","apple":"not_included","microsoft":"included"},"missing_from":["apple"],"included_in":["chrome","mozilla","microsoft"],"wait_years":18,"wait_source":"root_creation"},{"ca":"Agence Nationale de Certification Electronique","rank":58,"certs":80,"stores":{"chrome":"included","mozilla":"included","apple":"not_included","microsoft":"included"},"missing_from":["apple"],"included_in":["chrome","mozilla","microsoft"],"wait_years":7,"wait_source":"root_creation"},{"ca":"Visa","rank":59,"certs":61,"stores":{"chrome":"not_included","mozilla":"not_included","apple":"not_included","microsoft":"included"},"missing_from":["chrome","mozilla","apple"],"included_in":["microsoft"],"wait_years":21,"wait_source":"root_creation"},{"ca":"EDICOM","rank":60,"certs":47,"stores":{"chrome":"not_included","mozilla":"not_included","apple":"not_included","microsoft":"included"},"missing_from":["chrome","mozilla","apple"],"included_in":["microsoft"],"wait_years":12,"wait_source":"root_creation"},{"ca":"BEIJING CERTIFICATE AUTHORITY Co., Ltd.","rank":62,"certs":16,"stores":{"chrome":"not_included","mozilla":"included","apple":"not_included","microsoft":"not_included"},"missing_from":["chrome","apple","microsoft"],"included_in":["mozilla"],"wait_years":7,"wait_source":"root_creation"},{"ca":"iTrusChina Co., Ltd.","rank":63,"certs":11,"stores":{"chrome":"included","mozilla":"included","apple":"not_included","microsoft":"not_included"},"missing_from":["apple","microsoft"],"included_in":["chrome","mozilla"],"wait_years":8,"wait_source":"root_creation"},{"ca":"Autoridad de Certificaci\u00f3n (ANF AC)","rank":64,"certs":8,"stores":{"chrome":"included","mozilla":"included","apple":"not_included","microsoft":"included"},"missing_from":["apple"],"included_in":["chrome","mozilla","microsoft"],"wait_years":13,"wait_source":"root_creation"},{"ca":"e-commerce monitoring GmbH","rank":65,"certs":6,"stores":{"chrome":"not_included","mozilla":"not_included","apple":"not_included","microsoft":"included"},"missing_from":["chrome","mozilla","apple"],"included_in":["microsoft"],"wait_years":20,"wait_source":"root_creation"},{"ca":"Entrust","rank":67,"certs":0,"stores":{"chrome":"not_included","mozilla":"not_included","apple":"included","microsoft":"included"},"missing_from":["chrome","mozilla"],"included_in":["apple","microsoft"],"wait_years":16,"wait_source":"root_creation"},{"ca":"AC Camerfirma, S.A.","rank":81,"certs":0,"stores":{"chrome":"not_included","mozilla":"not_included","apple":"not_included","microsoft":"included"},"missing_from":["chrome","mozilla","apple"],"included_in":["microsoft"],"wait_years":18,"wait_source":"root_creation"},{"ca":"Consorci Administraci\u00f3 Oberta de Catalunya (Consorci AOC, CATCert)","rank":90,"certs":0,"stores":{"chrome":"not_included","mozilla":"not_included","apple":"not_included","microsoft":"included"},"missing_from":["chrome","mozilla","apple"],"included_in":["microsoft"],"wait_years":23,"wait_source":"root_creation"}],"distrust_divergences":[{"ca":"India CCA (NIC)","year":2014,"distrusted_by":["chrome","mozilla","apple"],"still_trusted_by":["microsoft"],"leader":"chrome"},{"ca":"Certinomis","year":2019,"distrusted_by":["chrome","mozilla","apple"],"still_trusted_by":["microsoft"],"leader":"mozilla"},{"ca":"Camerfirma","year":2021,"distrusted_by":["chrome","mozilla","apple"],"still_trusted_by":["microsoft"],"leader":"mozilla"},{"ca":"Visa","year":2022,"distrusted_by":["chrome","mozilla","apple"],"still_trusted_by":["microsoft"],"leader":"mozilla"}],"historical":[{"ca":"Internet Security Research Group","common_name":"Let's Encrypt","rank":1,"certs_now":519141654,"timeline":{"root_created":"2015-06","mozilla_included":"2016-08","microsoft_included":"2018-08","apple_included":"2018-12"},"gap_years":2,"gap_description":"2-year gap between first inclusion (Mozilla Aug 2016) and Apple/Microsoft (late 2018). Relied on IdenTrust cross-sign.","resolved":true}]},"inclusionVelocity":{"mozilla_pending":[{"bug":1348774,"ca":"Thailand National Root CA - G1","filed":"2017-03-20","days_waiting":3338,"stage":"verifying","request_type":"existing_ca"},{"bug":1449941,"ca":"Fina Root CA certificate","filed":"2018-03-29","days_waiting":2964,"stage":"unknown","request_type":"new_org"},{"bug":1518460,"ca":"SISP Root CA","filed":"2019-01-08","days_waiting":2679,"stage":"verifying","request_type":"new_org"},{"bug":1532206,"ca":"MSC Trustgate root certificate(s)","filed":"2019-03-04","days_waiting":2624,"stage":"verifying","request_type":"new_org"},{"bug":1565871,"ca":"CCA ROOT CA India","filed":"2019-07-14","days_waiting":2492,"stage":"unknown","request_type":"new_org"},{"bug":1602415,"ca":"PostSignum Root QCA 4 and PostSignum Root QCA ECC R1","filed":"2019-12-09","days_waiting":2344,"stage":"verifying","request_type":"existing_ca"},{"bug":1674669,"ca":"Autoridade Certificadora Raiz Brasileira root certificate","filed":"2020-11-01","days_waiting":2016,"stage":"unknown","request_type":"existing_ca"},{"bug":1707136,"ca":"GSE SMIME Roots to Mozilla root store","filed":"2021-04-23","days_waiting":1843,"stage":"verifying","request_type":"new_org"},{"bug":1736904,"ca":"Algerian National Root CA certificate","filed":"2021-10-20","days_waiting":1663,"stage":"initial","request_type":"new_org"},{"bug":1748579,"ca":"Aspire root certificates","filed":"2022-01-05","days_waiting":1586,"stage":"initial","request_type":"new_org"},{"bug":1845081,"ca":"MOIS SSL Root CA","filed":"2023-07-24","days_waiting":1021,"stage":"unknown","request_type":"new_org"},{"bug":1870013,"ca":"Saudi National SSL root CA","filed":"2023-12-14","days_waiting":878,"stage":"initial","request_type":"existing_ca"},{"bug":1883983,"ca":"SOLUTI GLOBAL ROOT CA","filed":"2024-03-06","days_waiting":795,"stage":"initial","request_type":"new_org"},{"bug":1889859,"ca":"emSign Single-purpose Root CA Certificates","filed":"2024-04-05","days_waiting":765,"stage":"cps-review","request_type":"new_org"},{"bug":1918570,"ca":"SECOM SMIME RSA Root CA 2024","filed":"2024-09-13","days_waiting":604,"stage":"unknown","request_type":"existing_ca"},{"bug":1925173,"ca":"Cybertrust Japan SecureSign Root CA16","filed":"2024-10-17","days_waiting":570,"stage":"approved","request_type":"existing_ca"},{"bug":1938884,"ca":"NAVER Cloud Trust Services Root Certificates","filed":"2024-12-23","days_waiting":503,"stage":"verifying","request_type":"existing_ca"},{"bug":1943001,"ca":"SECOM TLS RSA Root CA 2024 and SECOM TLS ECC Root CA 2024","filed":"2025-01-22","days_waiting":473,"stage":"unknown","request_type":"existing_ca"},{"bug":1948085,"ca":"Amazon EU Roots: RSA 2048 EU M1, ECDSA 256 EU M1, and ECDSA ","filed":"2025-02-13","days_waiting":451,"stage":"verifying","request_type":"existing_ca"},{"bug":1960408,"ca":"IdenTrust single purpose roots","filed":"2025-04-14","days_waiting":391,"stage":"verifying","request_type":"existing_ca"},{"bug":1968852,"ca":"Telia Company's S/MIME & TLS Roots","filed":"2025-05-28","days_waiting":347,"stage":"unknown","request_type":"existing_ca"},{"bug":1978904,"ca":"NETLOCK's S/MIME & TLS Root","filed":"2025-07-23","days_waiting":291,"stage":"initial","request_type":"new_org"},{"bug":1983217,"ca":"Aretiico Group PLC and Aretiico Inc root certificates to Moz","filed":"2025-08-15","days_waiting":268,"stage":"initial","request_type":"existing_ca"},{"bug":1988341,"ca":"ACCV ROOT RSA TLS 2024 and ACCV ROOT ECC TLS 2024 root certi","filed":"2025-09-12","days_waiting":240,"stage":"verifying","request_type":"new_org"},{"bug":1988361,"ca":"SHECA Single-purpose Root CA Certificates","filed":"2025-09-12","days_waiting":240,"stage":"verifying","request_type":"new_org"},{"bug":1990213,"ca":"certSIGN Root CA G4 root certificate","filed":"2025-09-23","days_waiting":229,"stage":"verifying","request_type":"existing_ca"},{"bug":1992971,"ca":"Actalis TLS Root CAs 2025 and Actalis SMIME Root CAs 2025","filed":"2025-10-07","days_waiting":215,"stage":"verifying","request_type":"existing_ca"},{"bug":2001274,"ca":"Cybertrust Japan Root CA Cybertrust iTrust TLS ECCP384 Root ","filed":"2025-11-20","days_waiting":171,"stage":"initial","request_type":"existing_ca"},{"bug":2001275,"ca":"Cybertrust Japan Root CA Cybertrust iTrust TLS RSA4096 Root ","filed":"2025-11-20","days_waiting":171,"stage":"initial","request_type":"existing_ca"},{"bug":2007765,"ca":"Chunghwa Telecom CHT TrustRoot CA","filed":"2025-12-26","days_waiting":135,"stage":"initial","request_type":"existing_ca"},{"bug":2011714,"ca":"\"OATI webCARES Server Root CA\" to the Mozilla Root CA Progra","filed":"2026-01-21","days_waiting":109,"stage":"initial","request_type":"new_org"},{"bug":2031847,"ca":"FNMT TLS RSA Root Certificate SERVIDORES SEGUROS G2R","filed":"2026-04-14","days_waiting":26,"stage":"initial","request_type":"new_org"},{"bug":2033449,"ca":"A-Trust SMIME Root","filed":"2026-04-20","days_waiting":20,"stage":"initial","request_type":"existing_ca"},{"bug":2037054,"ca":"Certum TLS RSA Root CA and Certum TLS ECC Root CA","filed":"2026-05-05","days_waiting":5,"stage":"initial","request_type":"new_org"}],"mozilla_completed_recent":[{"bug":1658793,"ca":"Cybertrust Japan SecureSign Roots (CA12, CA14 and CA15)","filed":"2020-08-12","resolved":"2025-01-24","days":1626,"request_type":"existing_ca"},{"bug":1647181,"ca":"BJCA root certificate(s)","filed":"2020-06-22","resolved":"2023-05-11","days":1053,"request_type":"new_org"},{"bug":1688854,"ca":"TrustAsia root certificates","filed":"2021-01-26","resolved":"2023-11-30","days":1038,"request_type":"existing_ca"},{"bug":1627552,"ca":"e-commerce monitoring's GLOBALTRUST 2020 root certificate","filed":"2020-04-05","resolved":"2022-11-14","days":953,"request_type":"existing_ca"},{"bug":1628720,"ca":"E-Tugra Root Certificates RSA v3 / ECC v3","filed":"2020-04-09","resolved":"2022-11-14","days":949,"request_type":"new_org"},{"bug":1637269,"ca":"GlobalSign SMIME Roots to Mozilla root store","filed":"2020-05-12","resolved":"2022-11-14","days":916,"request_type":"existing_ca"},{"bug":1710831,"ca":"LAWtrust Root CA2 to NSS","filed":"2021-05-12","resolved":"2023-08-01","days":811,"request_type":"existing_ca"},{"bug":1664161,"ca":"Telia CA root certificate","filed":"2020-09-10","resolved":"2022-11-14","days":795,"request_type":"existing_ca"},{"bug":1873057,"ca":"Microsec \"e-Szigno TLS Root CA 2023\"","filed":"2024-01-04","resolved":"2026-02-18","days":776,"request_type":"existing_ca"},{"bug":1675821,"ca":"Re-Signed GTS Roots","filed":"2020-11-06","resolved":"2022-11-14","days":738,"request_type":"new_org"},{"bug":1845047,"ca":"SwissSign RSA TLS Root CA 2022 - 1 and SwissSign RSA SMIME R","filed":"2023-07-24","resolved":"2025-07-12","days":719,"request_type":"existing_ca"},{"bug":1785215,"ca":"\"FIRMAPROFESIONAL CA ROOT-A WEB\" Root Certificate","filed":"2022-08-17","resolved":"2024-06-10","days":663,"request_type":"new_org"},{"bug":1694421,"ca":"DigitalSign's root certificates","filed":"2021-02-23","resolved":"2022-11-14","days":629,"request_type":"new_org"},{"bug":1836258,"ca":"D-TRUST BR Root CA 2 2023 and D-TRUST EV Root CA 2 2023","filed":"2023-06-01","resolved":"2025-02-18","days":628,"request_type":"existing_ca"},{"bug":1695487,"ca":"HARICA 2021 TLS Root CA Certificates to Mozilla Root store p","filed":"2021-02-28","resolved":"2022-11-14","days":624,"request_type":"existing_ca"},{"bug":1695486,"ca":"HARICA 2021 SMIME Root CA Certificates to Mozilla Root store","filed":"2021-02-28","resolved":"2022-11-14","days":624,"request_type":"existing_ca"},{"bug":1763177,"ca":"Commscope Root Certificates","filed":"2022-04-05","resolved":"2023-11-28","days":602,"request_type":"new_org"},{"bug":1706228,"ca":"DigiCert root Certificates","filed":"2021-04-20","resolved":"2022-11-14","days":573,"request_type":"existing_ca"},{"bug":1781510,"ca":"D-Trust SBR Root CAs 1 & 2 2022","filed":"2022-07-26","resolved":"2024-02-01","days":555,"request_type":"existing_ca"},{"bug":1799533,"ca":"SSL.com 2022 TLS Root CA Certificates","filed":"2022-11-07","resolved":"2024-03-15","days":494,"request_type":"existing_ca"},{"bug":1720400,"ca":"Actalis intermediate certs to OneCRL","filed":"2021-07-13","resolved":"2022-11-14","days":489,"request_type":"existing_ca"},{"bug":1727941,"ca":"Certainly R1 and E1 Root Certificates","filed":"2021-08-27","resolved":"2022-11-14","days":444,"request_type":"existing_ca"},{"bug":1849702,"ca":"Taiwan-CA Inc. (TWCA) root certificates","filed":"2023-08-22","resolved":"2024-09-13","days":388,"request_type":"existing_ca"},{"bug":1782092,"ca":"Atos Roots","filed":"2022-07-28","resolved":"2023-08-01","days":369,"request_type":"new_org"},{"bug":1820592,"ca":"Telekom Security Root Certificates","filed":"2023-03-06","resolved":"2024-02-16","days":347,"request_type":"existing_ca"},{"bug":1936279,"ca":"OISTE root certificates","filed":"2024-12-10","resolved":"2025-11-19","days":344,"request_type":"existing_ca"},{"bug":1929329,"ca":"TrustAsia Dedicated Roots","filed":"2024-11-05","resolved":"2025-09-27","days":326,"request_type":"existing_ca"},{"bug":1799703,"ca":"SSL.com 2022 Client Root CA Certificates","filed":"2022-11-08","resolved":"2023-08-01","days":266,"request_type":"existing_ca"},{"bug":1817340,"ca":"Sectigo R46/E46 Roots","filed":"2023-02-16","resolved":"2023-08-14","days":179,"request_type":"existing_ca"}],"mozilla_stats":{"pending_count":34,"completed_count":29,"median_days":624,"mean_days":652,"max_days":1626,"longest_pending_days":3338,"new_org":{"count":7,"median_days":663,"mean_days":715,"max_days":1053,"pending_count":16,"longest_pending_days":2964},"existing_ca":{"count":22,"median_days":598,"mean_days":632,"max_days":1626,"pending_count":18,"longest_pending_days":3338}},"note":"Mozilla only \u2014 only root program with a fully public inclusion pipeline (Bugzilla)."},"coverageRateByYear":[{"y":2014,"total_bugs":3,"chrome":33.3,"mozilla":33.3,"apple":0.0,"microsoft":0.0},{"y":2015,"total_bugs":1,"chrome":0.0,"mozilla":100.0,"apple":0.0,"microsoft":0.0},{"y":2016,"total_bugs":5,"chrome":20.0,"mozilla":80.0,"apple":0.0,"microsoft":0.0},{"y":2017,"total_bugs":123,"chrome":49.6,"mozilla":86.2,"apple":0.0,"microsoft":0.0},{"y":2018,"total_bugs":108,"chrome":16.7,"mozilla":82.4,"apple":0.0,"microsoft":0.0},{"y":2019,"total_bugs":255,"chrome":67.8,"mozilla":78.0,"apple":0.0,"microsoft":0.0},{"y":2020,"total_bugs":237,"chrome":66.2,"mozilla":49.4,"apple":0.0,"microsoft":0.0},{"y":2021,"total_bugs":187,"chrome":58.3,"mozilla":30.5,"apple":0.0,"microsoft":0.0},{"y":2022,"total_bugs":106,"chrome":22.6,"mozilla":28.3,"apple":0.0,"microsoft":0.0},{"y":2023,"total_bugs":133,"chrome":15.0,"mozilla":27.1,"apple":0.0,"microsoft":0.0},{"y":2024,"total_bugs":236,"chrome":22.5,"mozilla":32.2,"apple":5.9,"microsoft":0.0},{"y":2025,"total_bugs":223,"chrome":18.4,"mozilla":9.9,"apple":5.4,"microsoft":0.0},{"y":2026,"total_bugs":122,"chrome":7.4,"mozilla":4.9,"apple":9.8,"microsoft":0.0}]},"ecosystemParticipation":{"meta":{"generated_at":"2026-05-10T08:09:28.488558+00:00","pipeline_version":"1.1","total_orgs":62,"total_cabf_ca_members":56,"total_individuals":129,"total_ballots":174,"note_technical":"technical_comments counts LLM-classified substantive comments (cert/CRL analysis, specific BR citations, investigative questions). Values may exceed bugs_engaged since multiple technical comments per bug are counted.","note_baseline":"All CABF CA members included as org rows, even those with zero engagement. cabf_member=true indicates formal membership. Absence of engagement by a member is as meaningful as presence."},"cabfMemberCount":56,"activeMemberCount":21,"zeroContributionCount":35,"topOrganizations":[{"name":"Sectigo","cabfMember":true,"bugzillaEngaged":132,"ballotsProposed":9,"ballotsEndorsed":18,"bugsFiled":13},{"name":"DigiCert","cabfMember":true,"bugzillaEngaged":31,"ballotsProposed":60,"ballotsEndorsed":38,"bugsFiled":0},{"name":"HARICA","cabfMember":true,"bugzillaEngaged":52,"ballotsProposed":16,"ballotsEndorsed":29,"bugsFiled":0},{"name":"Let's Encrypt","cabfMember":true,"bugzillaEngaged":60,"ballotsProposed":2,"ballotsEndorsed":2,"bugsFiled":0},{"name":"iSigma","cabfMember":false,"bugzillaEngaged":17,"ballotsProposed":0,"ballotsEndorsed":0,"bugsFiled":7},{"name":"Entrust","cabfMember":true,"bugzillaEngaged":0,"ballotsProposed":9,"ballotsEndorsed":20,"bugsFiled":0},{"name":"Certainly/Fastly","cabfMember":true,"bugzillaEngaged":5,"ballotsProposed":5,"ballotsEndorsed":6,"bugsFiled":0},{"name":"GlobalSign","cabfMember":true,"bugzillaEngaged":1,"ballotsProposed":5,"ballotsEndorsed":11,"bugsFiled":0},{"name":"TrustCor Systems","cabfMember":false,"bugzillaEngaged":0,"ballotsProposed":5,"ballotsEndorsed":8,"bugsFiled":0},{"name":"SwissSign","cabfMember":true,"bugzillaEngaged":6,"ballotsProposed":0,"ballotsEndorsed":4,"bugsFiled":0},{"name":"SSL.com","cabfMember":true,"bugzillaEngaged":4,"ballotsProposed":1,"ballotsEndorsed":3,"bugsFiled":0},{"name":"Amazon Trust Services","cabfMember":true,"bugzillaEngaged":1,"ballotsProposed":2,"ballotsEndorsed":5,"bugsFiled":0},{"name":"Cisco","cabfMember":false,"bugzillaEngaged":0,"ballotsProposed":2,"ballotsEndorsed":1,"bugsFiled":0},{"name":"Certum/Asseco","cabfMember":true,"bugzillaEngaged":0,"ballotsProposed":1,"ballotsEndorsed":0,"bugsFiled":0},{"name":"Telia","cabfMember":true,"bugzillaEngaged":1,"ballotsProposed":0,"ballotsEndorsed":1,"bugsFiled":0},{"name":"Certinomis","cabfMember":false,"bugzillaEngaged":1,"ballotsProposed":0,"ballotsEndorsed":0,"bugsFiled":0},{"name":"Chunghwa Telecom","cabfMember":true,"bugzillaEngaged":1,"ballotsProposed":0,"ballotsEndorsed":0,"bugsFiled":0},{"name":"PKIoverheid","cabfMember":false,"bugzillaEngaged":1,"ballotsProposed":0,"ballotsEndorsed":0,"bugsFiled":0}],"topBallotIndividuals":[{"name":"Stephen Davidson","proposed":36,"endorsed":1},{"name":"Dimitris Zacharopoulos","proposed":15,"endorsed":28},{"name":"Tim Hollebeek","proposed":9,"endorsed":20},{"name":"Bruce Morton","proposed":6,"endorsed":20},{"name":"Martijn Katerbarg","proposed":8,"endorsed":13},{"name":"Corey Bonnell","proposed":8,"endorsed":10},{"name":"Doug Beattie","proposed":5,"endorsed":6},{"name":"Ben Wilson","proposed":4,"endorsed":2},{"name":"Dean Coclin","proposed":3,"endorsed":3},{"name":"Neil Dunbar","proposed":2,"endorsed":6},{"name":"Daniel Jeffery","proposed":3,"endorsed":2},{"name":"Dunbar","proposed":3,"endorsed":2},{"name":"Wayne Thayer","proposed":2,"endorsed":4},{"name":"Aaron Gable","proposed":2,"endorsed":2},{"name":"Ben Slaughter","proposed":2,"endorsed":1}],"individualCount":129},"regulatorySurface":{"currentYear":2026,"totalObligations":6651,"mandatory":5050,"recommended":625,"optional":976,"mandatoryPct":76,"baselineYear":2000,"baselineTotal":55,"growthMultiple":121,"sourceTotals":{"cabfForum":2779,"rootPrograms":537,"auditIetf":1972,"regulatory":761},"tlsBr":{"v1_0_total":278,"current_total":1262,"operational":560,"profileSpec":702},"ballots":{"total":0,"since2022":0,"byDoc":{}},"timeSeries":[{"y":2000,"t":55,"m":40},{"y":2001,"t":55,"m":40},{"y":2002,"t":55,"m":40},{"y":2003,"t":55,"m":40},{"y":2004,"t":286,"m":218},{"y":2005,"t":286,"m":218},{"y":2006,"t":286,"m":218},{"y":2007,"t":286,"m":218},{"y":2008,"t":883,"m":576},{"y":2009,"t":883,"m":576},{"y":2010,"t":883,"m":576},{"y":2011,"t":883,"m":576},{"y":2012,"t":1216,"m":838},{"y":2013,"t":1249,"m":856},{"y":2014,"t":1249,"m":856},{"y":2015,"t":1552,"m":1084},{"y":2016,"t":1594,"m":1114},{"y":2017,"t":1655,"m":1167},{"y":2018,"t":1850,"m":1306},{"y":2019,"t":2257,"m":1563},{"y":2020,"t":2627,"m":1933},{"y":2021,"t":3821,"m":2832},{"y":2022,"t":3980,"m":2942},{"y":2023,"t":4533,"m":3401},{"y":2024,"t":6562,"m":4981},{"y":2025,"t":6698,"m":5086},{"y":2026,"t":6651,"m":5050}],"methodology":""},"tabIntros":{"generatedAt":"2026-05-10T08:24:50.439718+00:00","model":"claude-sonnet-4-5","note":"Analyst summaries generated by Claude from the prior day's snapshot. Each paragraph states the key finding for that tab with specific numbers and connects to related tabs.","intros":{"market":"The WebPKI market is highly concentrated, with the top 5 CAs controlling 93.6% of all issuance. Internet Security Research Group leads at 40.8%, followed by Google Trust Services at 15.8%, DigiCert at 13.6%, GoDaddy at 12.5%, and Sectigo at 11.0%. The remaining 80 CAs in the tail collectively serve just 6.4% of the market. An HHI of 2,396 indicates moderate concentration, with three CAs holding 70.1% combined market share.","trust":"The trust surface comprises 335 roots across four major trust stores, yet only 38 CA owners appear in all four stores and just 90 individual roots enjoy universal trust. Microsoft maintains 142 roots not present in Chrome, Mozilla, or Apple stores, creating significant fragmentation. This disagreement forces CAs to maintain multiple certificate chains and complicates deployment decisions, as a chain trusted in Edge may fail validation in Chrome or Safari.","conc":"Three CAs control 70.1% of all issuance, and five CAs control 93.6%, creating severe systemic dependency on a handful of organizations. An HHI of 2,396 reflects moderate market concentration, but the WebPKI's winner-take-most dynamics mean Internet Security Research Group alone underpins four in ten HTTPS connections globally. Any operational failure, compliance incident, or distrust action against a top-5 CA would immediately affect a substantial fraction of the encrypted web.","tail":"Eighty CAs collectively issue just 6.4% of all certificates yet maintain full trust store inclusion, creating asymmetric risk exposure for root programs. These low-volume operators range from regional providers to specialized enterprise CAs, each carrying the same systemic privileges as high-volume issuers. The incident data shows 54 CAs have experienced at least one disclosed compliance failure, suggesting the tail harbors proportionally more operational risk than the concentrated head.","geo":"United States-based CAs dominate the WebPKI with 88.6% of global issuance from just 16 organizations, while 48 European CAs collectively issue 11.4%. Asia-Pacific CAs represent 17 organizations but account for only 0.05% of issuance, and Americas and Middle East/Africa regions contribute negligible volume. This geographic concentration means U.S. legal jurisdiction, corporate governance norms, and regulatory oversight effectively govern nine out of ten HTTPS certificates worldwide.","gov":"Thirty-one government-operated or state-owned CAs hold root trust despite issuing just 0.06% of public certificates. These CAs span jurisdictions including China, Russia, Turkey, India, and multiple European nations, each subject to domestic legal frameworks that may compel surveillance or interception. The minimal issuance share masks the strategic risk: state actors with root privileges can issue trusted certificates for any domain without detection unless Certificate Transparency logs are monitored.","jurisdiction":"Five jurisdictions are classified as high-risk due to legal frameworks enabling compelled disclosure or weakened encryption: China, Russia, the United Kingdom, Australia, and Hong Kong. India and Turkey carry moderate risk from expanding surveillance authorities and government pressure on technology providers. CAs incorporated in these jurisdictions face legal obligations that may conflict with WebPKI baseline requirements, particularly around key protection, audit independence, and disclosure of government access requests.","ops":"Certificate authorities have disclosed 1,466 incidents affecting 54 CAs, with misissuance leading at 583 cases, followed by 451 governance failures, 310 revocation issues, and 122 validation errors. Only 23% of incidents are self-detected, while external researchers, automated tools, and root programs discover the majority of compliance failures. Policy failures account for 168 incidents and disclosure failures for 118, indicating systemic underreporting and weak internal controls across the CA community.","crypto":"Root certificate algorithms, key sizes, and cryptographic standards compliance data is not available in the current digest. This tab would typically assess SHA-1 deprecation status, RSA key length distribution, ECDSA adoption rates, and compliance with NIST and CA/Browser Forum cryptographic requirements.","distrust":"Sixteen distrust events have occurred across the CA ecosystem, with 14 stemming from compliance and operational failures rather than cryptographic compromise. Seven cases involved negligent noncompliance, three demonstrated willful circumvention, and three reflected demonstrated incompetence, while ten events followed a pattern of repeated issues rather than isolated incidents. Browsers grant a median runway of 1,185 days between distrust announcement and enforcement, creating extended periods where compromised CAs remain partially trusted.","policy":"Of 43 active TLS issuers measured, only 12 are ready for the 47-day maximum validity target arriving in March 2029, while 4 remain at risk of missing even the 200-day limit from March 2026 and 5 face the 100-day threshold in March 2027. Median current usage sits at 65 days, suggesting many CAs are operationally unprepared for the coming validity reductions. Compliance difficulty is compounded by a regulatory surface that has grown 121-fold since 2000 to 6,651 total obligations, with 76% classified as mandatory requirements spanning CA/Browser Forum baseline requirements, four root program policies, WebTrust and ETSI audit criteria, and IETF/ISO/NIST standards.","governance":"Root program oversight coverage has collapsed from 67.8% (Chrome) and 78.0% (Mozilla) of incidents in 2019 to just 18.4% and 9.9% respectively in 2025, while Apple dropped from recent engagement to 5.4% and Microsoft maintains zero participation. Chrome has commented substantively on 290 of 718 total oversight bugs, with 109 recent substantive interventions, while Mozilla shows 248 substantive comments across 813 bugs but only 46 recently. This governance withdrawal leaves the majority of CA compliance incidents unaddressed by the trust store operators who grant root privileges, shifting enforcement burden to external researchers and automated monitoring.","community":"The CA/Browser Forum has 56 member organizations, but only 21 contribute actively while 35 maintain zero participation in ballot or policy development. Sectigo leads organizational contribution, and Stephen Davidson has proposed 36 ballots while endorsing just 1, demonstrating concentrated policy leadership. This silent majority pattern means a small group of repeat participants shapes baseline requirements and technical standards for an ecosystem where 80 tail CAs hold full trust privileges but contribute nothing to governance.","audit":"Auditors caught only 25% of in-scope incidents that occurred during their examination periods, with 105 detected out of 417 total incidents covered by audit letters. Thirty-eight CAs show high transparency gaps between clean audit opinions and disclosed Bugzilla incident histories, while 6 received qualified opinions and 19 changed auditors in 2025 alone. Self-reported exceptions appear in 57.9% of WebTrust letters and 61.9% of ETSI reports, yet most disclosed items are minor procedural findings rather than the material misissuance and governance failures visible in public incident data."}},"auditIntelligence":{"generatedAt":"2026-05-10T08:07:21.298926Z","summary":{"totalCAOwners":88,"parsedLetters":81,"highTransparencyGap":38,"qualifiedOpinions":6,"mattersWithoutBzAnchor":11,"auditorHHI":496.8,"auditRecordStatus":{"named":86,"extractable":1,"lapsed":1,"no_record":0},"stalenessDistribution":{"current":15,"stale":29,"aging":33,"very_stale":11}},"frameworkStats":{"WebTrust":51,"ETSI":37},"selfReportByFramework":{"webTrust":57.9,"etsi":61.9},"inPeriodDetection":{"covered":417,"caught":105,"multiCycleMisses":40,"detectionPct":25.2,"note":"Denominator = unique bugs with at least one covering audit period. Caught = mentioned in any covering letter."},"perAuditorDetection":[{"auditor":"MATRIX Ltd.","caught":11,"total":11,"detectionPct":100.0},{"auditor":"Anthony Kam & Associates Ltd.","caught":3,"total":3,"detectionPct":100.0},{"auditor":"TayllorCox PCEB","caught":3,"total":3,"detectionPct":100.0},{"auditor":"SunRise CPAs / DFK","caught":7,"total":12,"detectionPct":58.3},{"auditor":"T\u00dcV Austria","caught":7,"total":18,"detectionPct":38.9},{"auditor":"AENOR","caught":3,"total":8,"detectionPct":37.5},{"auditor":"T\u00dcV NORD","caught":1,"total":3,"detectionPct":33.3},{"auditor":"QSCert","caught":1,"total":3,"detectionPct":33.3},{"auditor":"BDO International","caught":41,"total":153,"detectionPct":26.8},{"auditor":"Deloitte","caught":5,"total":21,"detectionPct":23.8},{"auditor":"datenschutz cert GmbH","caught":1,"total":5,"detectionPct":20.0},{"auditor":"Ernst & Young","caught":13,"total":70,"detectionPct":18.6},{"auditor":"Schellman","caught":4,"total":34,"detectionPct":11.8},{"auditor":"KPMG","caught":5,"total":51,"detectionPct":9.8},{"auditor":"LSTI","caught":0,"total":8,"detectionPct":0.0},{"auditor":"QMSCERT","caught":0,"total":6,"detectionPct":0.0},{"auditor":"PwC","caught":0,"total":5,"detectionPct":0.0},{"auditor":"T\u00dcViT","caught":0,"total":8,"detectionPct":0.0},{"auditor":"BDO Consulting (Malaysia)","caught":0,"total":7,"detectionPct":0.0},{"auditor":"Certop Informatikai Tan\u00fas\u00edt\u00e1si Szolg\u00e1ltat\u00e1sok Kft.","caught":0,"total":6,"detectionPct":0.0},{"auditor":"Scott S. Perry CPA, PLLC","caught":0,"total":32,"detectionPct":0.0},{"auditor":"Crowe FST Audit Ltd","caught":0,"total":6,"detectionPct":0.0}],"alvEquivalentFindings":{"parsedLetters":81,"missingRootFingerprints":0,"certificateScopeGaps":9,"accurateFingerprintCoverage":0,"untracedRoots":3,"missingFingerprintsPct":0,"scopeGapsPct":11},"perAuditorAlvFindings":[{"auditor":"Ernst & Young","clients":6,"missingFingerprintsPct":0,"scopeGapPct":0},{"auditor":"KPMG","clients":10,"missingFingerprintsPct":0,"scopeGapPct":10},{"auditor":"TayllorCox PCEB","clients":5,"missingFingerprintsPct":0,"scopeGapPct":0},{"auditor":"Deloitte","clients":8,"missingFingerprintsPct":0,"scopeGapPct":0},{"auditor":"SunRise CPAs / DFK","clients":5,"missingFingerprintsPct":0,"scopeGapPct":40},{"auditor":"CSQA Certificazioni","clients":2,"missingFingerprintsPct":0,"scopeGapPct":0},{"auditor":"QMSCERT","clients":2,"missingFingerprintsPct":0,"scopeGapPct":0},{"auditor":"A-SIT","clients":2,"missingFingerprintsPct":0,"scopeGapPct":0},{"auditor":"AENOR","clients":4,"missingFingerprintsPct":0,"scopeGapPct":0},{"auditor":"T\u00dcV NORD","clients":2,"missingFingerprintsPct":0,"scopeGapPct":0},{"auditor":"datenschutz cert GmbH","clients":2,"missingFingerprintsPct":0,"scopeGapPct":0},{"auditor":"Auren","clients":2,"missingFingerprintsPct":0,"scopeGapPct":50},{"auditor":"Schellman","clients":3,"missingFingerprintsPct":0,"scopeGapPct":33},{"auditor":"BDO International","clients":6,"missingFingerprintsPct":0,"scopeGapPct":0}],"qualifiedOpinions":[{"ca":"Swiss BIT, Swiss Federal Office of Information Technology, Systems and Telecommunication (FOITT)","stores":["microsoft"],"auditor":"KPMG"},{"ca":"Entrust","stores":["apple","microsoft"],"auditor":"Deloitte"},{"ca":"e-commerce monitoring GmbH","stores":["microsoft"],"auditor":"A-SIT"},{"ca":"Microsoft Corporation","stores":["apple","chrome","microsoft","mozilla"],"auditor":"Deloitte"},{"ca":"Government of Finland, Population Register Centre\u2019s (V\u00e4est\u00f6rekisterikeskus, VRK)","stores":["microsoft"],"auditor":"QMSCERT"},{"ca":"Government of The Netherlands, PKIoverheid (Logius)","stores":["microsoft","mozilla"],"auditor":"KPMG"}],"highTransparencyGapCAs":[{"ca":"DigiCert","incidentCount":173,"gapScore":98.3,"mattersCount":3,"auditor":"BDO International","framework":"WebTrust"},{"ca":"Sectigo","incidentCount":110,"gapScore":98.2,"mattersCount":2,"auditor":"BDO International","framework":"WebTrust"},{"ca":"IdenTrust Services, LLC","incidentCount":75,"gapScore":96.0,"mattersCount":4,"auditor":"BDO International","framework":"WebTrust"},{"ca":"SwissSign AG","incidentCount":65,"gapScore":93.8,"mattersCount":4,"auditor":"T\u00dcV Austria","framework":"ETSI"},{"ca":"GlobalSign nv-sa","incidentCount":56,"gapScore":91.1,"mattersCount":5,"auditor":"KPMG","framework":"WebTrust"},{"ca":"Microsoft Corporation","incidentCount":51,"gapScore":94.1,"mattersCount":3,"auditor":"Deloitte","framework":"WebTrust"},{"ca":"GoDaddy","incidentCount":47,"gapScore":93.6,"mattersCount":3,"auditor":"Schellman","framework":"WebTrust"},{"ca":"Asseco Data Systems S.A.","incidentCount":47,"gapScore":95.7,"mattersCount":2,"auditor":"Ernst & Young","framework":"WebTrust"},{"ca":"Government of The Netherlands, PKIoverheid (Logius)","incidentCount":45,"gapScore":100.0,"mattersCount":0,"auditor":"KPMG","framework":"WebTrust"},{"ca":"Netlock","incidentCount":39,"gapScore":82.1,"mattersCount":7,"auditor":"MATRIX Ltd.","framework":"ETSI"}],"etsiAalAdoption":{"unknown":6,"2":1,"3.1":4,"2.9":1,"3.3":3,"3.0":1,"3.4":15,"3.5":1},"auditorChanges":[{"year":2024,"ca":"Department of Defence Australia","from":"Deloitte","to":"Ionize"},{"year":2025,"ca":"Autoridad de Certificaci\u00f3n (ANF AC)","from":"CSQA Certificazioni","to":"DEKRA"},{"year":2025,"ca":"EDICOM","from":"Audit Trust","to":"AENOR"},{"year":2025,"ca":"ComSign","from":"Sharony - Shefler & Co. CPA","to":"BDO Israel"},{"year":2025,"ca":"Microsoft Corporation","from":"BDO International","to":"Deloitte"},{"year":2025,"ca":"Government of Japan, Digital Agency","from":"Ernst & Young","to":"Deloitte"},{"year":2025,"ca":"Halcom D.D.","from":"SLOVENIAN ACCREDITATION","to":"Bureau Veritas d.o.o."},{"year":2025,"ca":"IdenTrust Services, LLC","from":"Schellman","to":"BDO International"},{"year":2026,"ca":"IdenTrust Services, LLC","from":"BDO International","to":"Schellman"},{"year":2025,"ca":"Government of Finland, Population Register Centre\u2019s (V\u00e4est\u00f6rekisterikeskus, VRK)","from":"datenschutz cert GmbH","to":"QMSCERT"},{"year":2024,"ca":"Netlock","from":"Certop Informatikai Tan\u00fas\u00edt\u00e1si Szolg\u00e1ltat\u00e1sok Kft.","to":"MATRIX Ltd."},{"year":2025,"ca":"China Financial Certification Authority (CFCA)","from":"PwC","to":"Anthony Kam & Associates Ltd."},{"year":2025,"ca":"TrustAsia Technologies, Inc.","from":"Anthony Kam & Associates Ltd.","to":"SunRise CPAs / DFK"},{"year":2025,"ca":"Government of Brazil, Instituto Nacional de Tecnologia da Informa\u00e7\u00e3o (ITI)","from":"Ernst & Young","to":"Moreira Associados Auditores Independentes"},{"year":2025,"ca":"Sectigo","from":"Deloitte","to":"BDO International"},{"year":2025,"ca":"Sectigo","from":"BDO International","to":"Deloitte"},{"year":2025,"ca":"Government of Turkey, Kamu Sertifikasyon Merkezi (Kamu SM)","from":"ICTA/BTK - Turkish Information and Communication Technologies Authority","to":"KIWA CERMET Italia S.p.A"},{"year":2025,"ca":"Agence Nationale de Certification Electronique","from":"LSTI","to":"Deloitte"},{"year":2025,"ca":"Chunghwa Telecom","from":"SunRise CPAs / DFK","to":"KPMG"},{"year":2025,"ca":"Chunghwa Telecom","from":"KPMG","to":"SunRise CPAs / DFK"},{"year":2025,"ca":"Izenpe S.A.","from":"LSTI","to":"AENOR"},{"year":2026,"ca":"Buypass","from":"BSI","to":"Attestic B.V."},{"year":2025,"ca":"Telia Company","from":"KPMG","to":"datenschutz cert GmbH"},{"year":2026,"ca":"A-Trust","from":"Ernst & Young","to":"A-SIT"},{"year":2026,"ca":"GoDaddy","from":"KPMG","to":"Schellman"},{"year":2026,"ca":"Government of Hong Kong (SAR), Hongkong Post, Certizen","from":"PwC","to":"RSM Hong Kong"},{"year":2026,"ca":"certSIGN","from":"LSTI","to":"Crowe FST Audit Ltd"},{"year":2026,"ca":"Actalis","from":"IMQ S.p.A.","to":"TayllorCox PCEB"}],"mattersWithoutBzAnchor":[{"ca":"Swiss BIT, Swiss Federal Office of Information Technology, Systems and Telecommunication (FOITT)","summary":"Not all necessary information is described in the terms of use (REQ-6.2-02)."},{"ca":"Swiss BIT, Swiss Federal Office of Information Technology, Systems and Telecommunication (FOITT)","summary":"The validity period of an identification in which certificates may be issued is "},{"ca":"Swiss BIT, Swiss Federal Office of Information Technology, Systems and Telecommunication (FOITT)","summary":"The asset management documentation has not been finalized and formally approved "},{"ca":"Swiss BIT, Swiss Federal Office of Information Technology, Systems and Telecommunication (FOITT)","summary":"The racks are in a server room shared with other departments and are physically "},{"ca":"Swiss BIT, Swiss Federal Office of Information Technology, Systems and Telecommunication (FOITT)","summary":"The Policy and Layout document does not formally list id-etsi-qcs-QcCompliance ("},{"ca":"Macao Post and Telecommunications Bureau","summary":"All certificates issued by eSignTrust contain an \"Organisation\" attribute of \"Ma"},{"ca":"Carillon Information Security Inc.","summary":"On March 16, 2024, Carillon migrated to a new CIS infrastructure, which included"},{"ca":"Government of Sweden (F\u00f6rs\u00e4kringskassan)","summary":"SSIA overlooked CA/Browser Forum ballot SC47v2 when published in 2021, which pro"},{"ca":"Shanghai Electronic Certification Authority Co., Ltd.","summary":"SHECA's management disclosed 4 incidents during the audit period, with remedial "},{"ca":"DigitalSign - Certificadora Digital, S.A.","summary":"One minor non-conformity was identified regarding lack of documentation of the v"},{"ca":"IdenTrust Services, LLC","summary":"For two out of two quarters selected for testing, IdenTrust did not select at le"},{"ca":"Saudi Data and Artificial Intelligence Authority (SDAIA)","summary":"During the examination period there were no instances or occurrences of key gene"},{"ca":"Google Trust Services LLC","summary":"GTS issued one certificate to a new team member without proper authorization wor"},{"ca":"Izenpe S.A.","summary":"The OCSP responder certificate contained a not allowed Key Usage."},{"ca":"A-Trust","summary":"No assertion to a mass revocation plan in section 5.7.1 of the combined CP/CPS v"}],"topAuditors":[{"name":"KPMG","caCount":10,"country":"Global (US/UK)","avgQualityScore":67.0,"avgGapScore":98.2,"highGapCount":5,"avgMattersPerCA":1.0},{"name":"Deloitte","caCount":8,"country":"Global (US/UK)","avgQualityScore":76.9,"avgGapScore":72.0,"highGapCount":1,"avgMattersPerCA":1.2},{"name":"Ernst & Young","caCount":6,"country":"Global (US/UK)","avgQualityScore":65.3,"avgGapScore":92.5,"highGapCount":3,"avgMattersPerCA":1.3},{"name":"BDO International","caCount":6,"country":"Global (US/UK)","avgQualityScore":51.5,"avgGapScore":96.9,"highGapCount":6,"avgMattersPerCA":2.0},{"name":"TayllorCox PCEB","caCount":5,"country":"Czech Republic","avgQualityScore":83.8,"avgGapScore":93.5,"highGapCount":2,"avgMattersPerCA":0.6},{"name":"SunRise CPAs / DFK","caCount":5,"country":"United States","avgQualityScore":58.3,"avgGapScore":86.6,"highGapCount":3,"avgMattersPerCA":1.6},{"name":"AENOR","caCount":4,"country":"Spain","avgQualityScore":77.7,"avgGapScore":78.9,"highGapCount":1,"avgMattersPerCA":2.5},{"name":"CSQA Certificazioni","caCount":3,"country":"Italy","avgQualityScore":80.8,"avgGapScore":null,"highGapCount":0,"avgMattersPerCA":0.5},{"name":"Schellman","caCount":3,"country":"United States","avgQualityScore":57.4,"avgGapScore":85.7,"highGapCount":2,"avgMattersPerCA":1.7},{"name":"LSTI","caCount":3,"country":"France","avgQualityScore":91.7,"avgGapScore":null,"highGapCount":0,"avgMattersPerCA":0.0},{"name":"A-SIT","caCount":2,"country":"Austria","avgQualityScore":85.7,"avgGapScore":null,"highGapCount":0,"avgMattersPerCA":1.0},{"name":"DEKRA","caCount":2,"country":"Spain","avgQualityScore":null,"avgGapScore":null,"highGapCount":0,"avgMattersPerCA":null}]},"crlInfrastructureHealth":{"generatedAt":"2026-05-10T08:09:28Z","totalUrls":11310,"okCount":11240,"issueCount":70,"casTotal":83,"casWithIssues":25,"healthPct":99.4,"statusBreakdown":{"https_cert_expired":25,"ok":11240,"stale":10,"timeout":4,"http_403":2,"http_404":3,"issuer_mismatch":7,"url_inferred":1,"dns_error":1,"br_violation":6,"tls_hostname_mismatch":3,"connection_error":5,"parse_failed":2,"unknown":1},"totalRevoked":17571758,"revocationsPerDay":78.3,"globalRevocationPpm":18063.046,"revocationReasons":{"unspecified":6647605,"superseded":5460140,"cessationOfOperation":4419906,"privilegeWithdrawn":646308,"keyCompromise":270320,"affiliationChanged":102213,"certificateHold":25226,"cACompromise":35,"removeFromCRL":4,"aACompromise":1},"issuesByStore":{"microsoftOnly":54,"apple":13,"chrome":9,"mozilla":16},"casWithIssuesList":[{"ca":"A-Trust","status":"https_cert_expired","in_apple":false,"in_chrome":false,"in_mozilla":false,"in_microsoft":true},{"ca":"AC Camerfirma, S.A.","status":"stale","in_apple":false,"in_chrome":false,"in_mozilla":false,"in_microsoft":true},{"ca":"Actalis","status":"timeout","in_apple":true,"in_chrome":true,"in_mozilla":true,"in_microsoft":true},{"ca":"Autoridad de Certificacion Firmaprofesional","status":"http_403","in_apple":false,"in_chrome":false,"in_mozilla":false,"in_microsoft":true},{"ca":"certSIGN","status":"http_404","in_apple":true,"in_chrome":true,"in_mozilla":true,"in_microsoft":true},{"ca":"ComSign","status":"issuer_mismatch","in_apple":false,"in_chrome":false,"in_mozilla":false,"in_microsoft":true},{"ca":"Consejo General de la Abogac\u00eda Espa\u00f1ola","status":"url_inferred","in_apple":false,"in_chrome":false,"in_mozilla":false,"in_microsoft":true},{"ca":"e-commerce monitoring GmbH","status":"stale","in_apple":false,"in_chrome":false,"in_mozilla":false,"in_microsoft":true},{"ca":"Entrust","status":"stale","in_apple":false,"in_chrome":false,"in_mozilla":false,"in_microsoft":true},{"ca":"GlobalSign nv-sa","status":"br_violation","in_apple":true,"in_chrome":true,"in_mozilla":true,"in_microsoft":true},{"ca":"GoDaddy","status":"tls_hostname_mismatch","in_apple":true,"in_chrome":false,"in_mozilla":true,"in_microsoft":true},{"ca":"Government of Brazil, Instituto Nacional de Tecnologia da Informa\u00e7\u00e3o (ITI)","status":"issuer_mismatch","in_apple":false,"in_chrome":false,"in_mozilla":false,"in_microsoft":true},{"ca":"Government of India, Ministry of Communications & Information Technology, Controller of Certifying Authorities (CCA)","status":"http_404","in_apple":false,"in_chrome":false,"in_mozilla":false,"in_microsoft":true},{"ca":"Government of Japan, Digital Agency","status":"connection_error","in_apple":false,"in_chrome":false,"in_mozilla":false,"in_microsoft":true},{"ca":"Government of Korea, KLID","status":"issuer_mismatch","in_apple":false,"in_chrome":false,"in_mozilla":false,"in_microsoft":true},{"ca":"Government of Spain, F\u00e1brica Nacional de Moneda y Timbre (FNMT)","status":"parse_failed","in_apple":false,"in_chrome":false,"in_mozilla":false,"in_microsoft":true},{"ca":"Government of The Netherlands, PKIoverheid (Logius)","status":"issuer_mismatch","in_apple":false,"in_chrome":false,"in_mozilla":true,"in_microsoft":true},{"ca":"Netlock","status":"br_violation","in_apple":false,"in_chrome":true,"in_mozilla":true,"in_microsoft":true},{"ca":"Notarius","status":"tls_hostname_mismatch","in_apple":false,"in_chrome":false,"in_mozilla":false,"in_microsoft":true},{"ca":"Open Access Technology International, Inc. (OATI)","status":"issuer_mismatch","in_apple":false,"in_chrome":false,"in_mozilla":false,"in_microsoft":true},{"ca":"Prvn\u00ed certifika\u010dn\u00ed autorita, a.s.","status":"https_cert_expired","in_apple":false,"in_chrome":false,"in_mozilla":false,"in_microsoft":true},{"ca":"Saudi Data and Artificial Intelligence Authority (SDAIA)","status":"unknown","in_apple":false,"in_chrome":false,"in_mozilla":false,"in_microsoft":true},{"ca":"SI-TRUST","status":"https_cert_expired","in_apple":false,"in_chrome":false,"in_mozilla":false,"in_microsoft":true},{"ca":"Thailand National Root Certificate Authority (Electronic Transactions Development Agency)","status":"http_403","in_apple":false,"in_chrome":false,"in_mozilla":false,"in_microsoft":true},{"ca":"Zetes","status":"parse_failed","in_apple":false,"in_chrome":false,"in_mozilla":false,"in_microsoft":true}],"note":"CRL URLs are filed in CCADB by CA operators. issuer_mismatch means the wrong CRL URL is filed \u2014 CRLite/CRL Sets aggregators may miss revocations from that CA though CDP-fetching browsers are unaffected. br_violation means CRL validity window exceeds BR \u00a74.9.7 limits. Microsoft-only CAs are often government PKIs not governed by CA/B Forum BRs."}}