On Wed, 20 Jul 2011 11:06:37 +0100 Nick <suckless-...@njw.me.uk> wrote:
> as mentioned trusting CAs (HTTPS) is > pretty problematic. This is more problematic, because there is no clear way of knowing which CAs your browser trust e.g. removing CNNIC (China Internet Network Information Center) doesn't help at all. CA can have child CA and child CA can have another child and so on. Just check map [1] of trusted CAs by Mozilla or Microsoft to get idea. SSL Observatory project [2] has found some interesting facts about HTTPS authentication model. [1] https://www.eff.org/files/colour_map_of_CAs.pdf [2] http://www.eff.org/observatory -- Paul Onyschuk <bl...@bojary.koba.pl>