CA safety (Re: Microsoft supporting tyrants?)
Bernhard Reiter
reiter at fsfeurope.org
Fri Mar 25 13:01:59 UTC 2011
On Friday, 25 March 2011 11:18:34, Werner Koch wrote:
> On Fri, 25 Mar 2011 11:07, Torsten.Grote at fsfe.org said:
> > Because it is not as easy as collecting some hardware components and
> > because not as many people are interested in the topic.
>
> And because such a list doesn't help. In a browser all CAs are
> implicitly cross-certified. Thus a single not that well managed CA sets
> the entire security level to its own.
The list would help so that people can make a conscious decision about
their minimum level of their set of root CAs. Yes, it is just one piece of the
puzzle. In addition implementations must add more.
> Even if all CAs would technically
> and organizationally work at par I am pretty sure that a government or a
> bigcorp is able to convince its home CA to create a fraudulent certificate.
Sure, though then I'd rather trust a root CA from the US or Germany
than I would trust one from Libya. At least I can decide.
--
FSFE -- Deputy Coordinator Germany (fsfeurope.org)
Your donation makes our work possible: www.fsfeurope.org/help/donate.en.html