They have many names, such as ‘trusted root list’, ‘trusted root store’, ‘trust store’, ‘approved trust list’, etc. The PKI Consortium is curating a global List of Trust Lists (a list of root, intermediate or issuing CA certificates accepted by a public, private, industry, or solution-specific PKI), one that is not limited to a specific purpose, region or size, and is open to anyone to contribute.
Each list is documented as a YAML file and hosted in this repository. This makes it easier to read for humans while retaining version control and allowing systems to process and analyze the data.
Some lists will share a common purpose or audit regime, might be extensively documented, list policies, discussion groups, etc. Others focus on a specific purpose, region or use-case and might only have some basic information.
There are many trust lists and often there is little overlap or interoperability. With this project the PKI consortium is not only building a comprehensive list of trust lists but also a place where the industry can find each other, engage, share knowledge, policies and best practices to improve security, interoperability and mutual trust.
The PKI Consortium welcomes contributions and would like to engage in related activities from other organizations or stakeholders.
A trust list can be included on the List of Trust List of the PKI Consortium when it defines a list of CA certificates of different entities that provide trust for the intended purpose. The list is not limited to a specific purpose, region or size, and is open to anyone to contribute.
The PKI Consortium is not endorsing any of the trust lists included and does not validate the accuracy of the data, the quality of the trust lists included or the policy framework and supervision that supports them.
A trust list can be included on the List of Trust List of the PKI Consortium when:
- information about the trust list is publicly available on the internet
- the list is intended to distribute CA certificates for the use in a PKI system
- the list includes a CA certificate from at least two independent entities
It’s not required for a Trust List to:
- disclose all CA certificates included on the trust list
- have the inclusion covered by a policy or audit framework
The PKI Consortium does not endorse any of the trust lists included in the List of Trust Lists, nor does it validate the policies or quality of these lists. The PKI Consortium makes no representations or warranties regarding the accuracy, completeness, or reliability of these trust lists, and shall not be held liable for any damages resulting from their use. The inclusion of a trust list in the List of Trust Lists does not constitute an endorsement by the PKI Consortium. It is the responsibility of the user to carefully evaluate and verify the trustworthiness of any trust list before relying on it for any purpose.
We welcome and love contributions to this repository, please make sure you check the contribution guidelines.