I'd like to request the creation of two new reports in CCADB:
1) A list of all (root) CA Certificates which are Included in any of the four tracked root programs (Apple, Google Chrome, Microsoft, Mozilla). Today I see reports for Microsoft, Mozilla, Microsoft && Mozilla, and Microsoft || Mozilla, but not reports which include the Apple and Chrome inclusion bits.
2) A list of all Subordinate CA Certificates which chain up to any CA Certificate returned by the first report. This may be identical to the existing "All Public Intermediate Certs" report, but it looks to me like that only filters on revocation status, not on whether the cert chains up to a publicly-trusted root, and thus I believe the existing report may include intermediates which chain up to no-longer-trusted roots.
I believe that these reports would be useful as a one-stop-shop for the overall state of the webpki. Additionally, I think they would be very useful to CT log operators as lists of all roots that the CT log should accept submissions for.
Do others think these reports would be useful? What all needs to happen in order for them to be created?
Thanks!
Aaron