Am Freitag, 25. März 2011 11:18:34 schrieb Werner Koch: > On Fri, 25 Mar 2011 11:07, [email protected] said: > > Because it is not as easy as collecting some hardware components and > > because not as many people are intersted in the topic. > > And because such a list doesn't help. In a browser all CAs are > implicitly cross-certified. Thus a single not that well managed CA sets > the entire security level to its own.
The list would help so that people can make a concious decision about their minimum level of their set of root CAs. Yes, it is just one piece of the puzzle. In addition implementations must add more. > Even if all CAs would technically > and organizational work at par I am pretty sure that a government or a > bigcorp is able to convince its home CA to create a fraudulent certificate. Sure, though then I'd rather trust a root CA from the US or Germany then I would trust one from Libya. At least I can decide. -- FSFE -- Deputy Coordinator Germany (fsfeurope.org) Your donation makes our work possible: www.fsfeurope.org/help/donate.en.html
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Discussion mailing list [email protected] https://mail.fsfeurope.org/mailman/listinfo/discussion
