CA safety (Re: Microsoft supporting tyrants?)

Bernhard Reiter reiter at
Wed Mar 23 08:46:26 UTC 2011

On Tuesday, 22 March 2011 21:08:31, Thomas Jost wrote:
> So this is really nothing new. And the issue is certainly not specific
> to Microsoft, it's really about trust in the CAs whose certificates are
> bundled with every browser

Also, any company operating in a country is to be expected to abide
by the laws of that country. Almost all countries have laws that include
special exceptions for surveillance in case of law enforcement or "secret" 
services. If a company does not follow these laws, you have "the X breaks the 
law" discussion as well. So it is a difficult question.

Overall I believe companies should care more and refuse to just help
country "officials" when they act against very commonly accepted human rights,
for example not providing a fair trial.

As for the CA safety: This is an important issue. I think two things should 
happen: We need an initiative to evaluate root CAs and publish lists.
Also I think we should create a Free Software certificate checker that also 
uses these lists, e.g. something like Gpg4win (I am one of the makers of

More evaluations of implementations would also be useful and the ability
of browsers to compare the last end certificate they saw.


