CA safety (Re: Microsoft supporting tyrants?)

Bernhard Reiter reiter at fsfeurope.org
Fri Mar 25 13:01:59 UTC 2011


On Friday, 25 March 2011 11:18:34, Werner Koch wrote:
> On Fri, 25 Mar 2011 11:07, Torsten.Grote at fsfe.org said:
> > Because it is not as easy as collecting some hardware components and
> > because not as many people are interested in the topic.
>
> And because such a list doesn't help.  In a browser all CAs are
> implicitly cross-certified.  Thus a single not that well managed CA sets
> the entire security level to its own. 

The list would help so that people can make a conscious decision about
their minimum level of their set of root CAs. Yes, it is just one piece of the
puzzle. In addition implementations must add more.

> Even if all CAs would technically
> and organizationally work at par I am pretty sure that a government or a
> bigcorp is able to convince its home CA to create a fraudulent certificate.

Sure, though then I'd rather trust a root CA from the US or Germany
than I would trust one from Libya. At least I can decide.

-- 
FSFE -- Deputy Coordinator Germany                            (fsfeurope.org)
Your donation makes our work possible:  www.fsfeurope.org/help/donate.en.html