CA safety (Re: Microsoft supporting tyrants?)
Werner Koch
wk at gnupg.org
Fri Mar 25 10:18:34 UTC 2011
On Fri, 25 Mar 2011 11:07, Torsten.Grote at fsfe.org said:
> Because it is not as easy as collecting some hardware components and because
> not as many people are intersted in the topic.
And because such a list doesn't help. In a browser all CAs are
implicitly cross-certified. Thus a single not that well managed CA sets
the entire security level to its own. Even if all CAs would technically
and organizational work at par I am pretty sure that a government or a
bigcorp is able to convince its home CA to create a fraudulent certificate.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
More information about the Discussion
mailing list