On Fri, 25 Mar 2011 14:01, [email protected] said:

> The list would help so that people can make a conscious decision about
> their minimum level of their set of root CAs. Yes, it is just one piece of
> the puzzle. In addition implementations must add more.

There is no need to make such a decision. The browser already made the decision by including that many root CAs. It doesn't matter which one you use - use the cheapest one if you want one at all. Of course I assume that the user won't go over the list of root CAs and delete almost all of them. Hardly anybody does that.

> Sure, though then I'd rather trust a root CA from the US or Germany
> than I would trust one from Libya. At least I can decide.

You can't. A (say) Chinese root CA has the same level of trustworthiness as a German one. IIRC, there is a plugin which does some heuristics to decide whether a CA is plausible for a given URL, but that is merely a kludge to overcome obviously "faked" certificates.

Salam-Shalom,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
