[Discuss] ssl certs
Edward Ned Harvey
blu at nedharvey.com
Mon Apr 2 10:36:03 EDT 2012
> From: discuss-bounces+blu=nedharvey.com at blu.org [mailto:discuss-
> bounces+blu=nedharvey.com at blu.org] On Behalf Of Brendan Kidwell
>
> In an era where there are hundreds or thousands of uncounted and
> unregulated certificate providers that (AFAIK) can sign a cert for any
> domain in the world,
Ummm... One of us doesn't know what you're talking about. ;-)
If you go into any client (firefox, etc) or OS, there is a list of trusted
root CA's. For example right now I'm looking at Chrome Settings/Under the
Hood/Manage Certificates/Trusted Root CA. There are 34 roots listed. This
is very far from hundreds of thousands. Anything not signed by one of these
34 would be untrusted by my browser, so even if there are hundreds of
thousands of organizations out there claiming to be "an authority," that's
not what matters. My browser trusts 34 authorities, and no more.
More information about the Discuss
mailing list