BLU Discuss list archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Discuss] root CA bloat
- Subject: [Discuss] root CA bloat
- From: tmetro+blu at gmail.com (Tom Metro)
- Date: Fri, 21 Nov 2014 18:19:27 -0500
- In-reply-to: <BN3PR0401MB1204E9F1CF304F6724855281DC760@BN3PR0401MB1204.namprd04.prod.outlook.com>
- References: <546C4823.6060900@gmail.com> <BN3PR0401MB1204BAB10AE6249C54E4E81BDC760@BN3PR0401MB1204.namprd04.prod.outlook.com> <546D7B55.70903@gmail.com> <BN3PR0401MB1204E9F1CF304F6724855281DC760@BN3PR0401MB1204.namprd04.prod.outlook.com>
Edward Ned Harvey (blu) wrote: > Look at the list of CA's on Mozilla's list, and look at their process > for accepting CA's (and read that link about Honest Achmed, which is > hilarious https://bugzilla.mozilla.org/show_bug.cgi?id=647959 ) Heh. It's a joke application to add a root certificate for "Honest Achmed's Used Cars and Certificates", which includes this: Achmed's business plan is to sell a sufficiently large number of certificates as quickly as possible in order to become too big to fail (see "regulatory capture"), at which point most of the rest of this application will become irrelevant. (The ticket was marked "resolved invalid.") > Mozilla and Apple are basically the sluts of CA's. They take any > damn thing from anybody. Has anyone created an extension for Firefox that trims down the cert list to something like the top 50 cert providers? I think what would be practical is not eliminating all the obscure CAs, but having the cert validation area on the address bar show orange or yellow or something to indicate that a valid cert was found, but that it was issued by a less known provider, so if you are connection to your US-based bank, or Amazon, or Google and you see this this, then you should be cautious. -Tom -- Tom Metro The Perl Shop, Newton, MA, USA "Predictable On-demand Perl Consulting." http://www.theperlshop.com/
- Follow-Ups:
- [Discuss] root CA bloat
- From: blu at nedharvey.com (Edward Ned Harvey (blu))
- [Discuss] root CA bloat
- From: richard.pieri at gmail.com (Richard Pieri)
- [Discuss] root CA bloat
- References:
- [Discuss] free SSL certs from the EFF
- From: tmetro+blu at gmail.com (Tom Metro)
- [Discuss] free SSL certs from the EFF
- From: blu at nedharvey.com (Edward Ned Harvey (blu))
- [Discuss] free SSL certs from the EFF
- From: tmetro+blu at gmail.com (Tom Metro)
- [Discuss] free SSL certs from the EFF
- From: blu at nedharvey.com (Edward Ned Harvey (blu))
- [Discuss] free SSL certs from the EFF
- Prev by Date: [Discuss] free SSL certs from the EFF
- Next by Date: [Discuss] root CA bloat
- Previous by thread: [Discuss] free SSL certs from the EFF
- Next by thread: [Discuss] root CA bloat
- Index(es):