On Fri, 25 Mar 2011 11:07, [email protected] said: > Because it is not as easy as collecting some hardware components and because > not as many people are intersted in the topic.
And because such a list doesn't help. In a browser all CAs are implicitly cross-certified. Thus a single not that well managed CA sets the entire security level to its own. Even if all CAs would technically and organizational work at par I am pretty sure that a government or a bigcorp is able to convince its home CA to create a fraudulent certificate. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. _______________________________________________ Discussion mailing list [email protected] https://mail.fsfeurope.org/mailman/listinfo/discussion
