CA safety (Re: Microsoft supporting tyrants?)

Werner Koch wk at
Fri Mar 25 10:18:34 UTC 2011

On Fri, 25 Mar 2011 11:07, Torsten.Grote at said:

> Because it is not as easy as collecting some hardware components and because 
> not as many people are intersted in the topic.

And because such a list doesn't help.  In a browser all CAs are
implicitly cross-certified.  Thus a single not that well managed CA sets
the entire security level to its own.  Even if all CAs would technically
and organizational work at par I am pretty sure that a government or a
bigcorp is able to convince its home CA to create a fraudulent certificate.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Discussion mailing list