Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month, online, via Jitsi Meet.

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] root CA bloat



> From: Tom Metro [mailto:tmetro+blu at gmail.com]
> 
> I think what would be practical is not eliminating all the obscure CAs,
> but having the cert validation area on the address bar show orange or
> yellow or something to indicate that a valid cert was found, but that it
> was issued by a less known provider, 

I would be in favor of eliminating the Chinese government from the CA list.

The color indicator indicating "how much" I trust some particular CA isn't practical, but the problem extends a little further - There are class 1 and class 2 certs, and higher, but of course there's no differentiation client-side.  It's simply "Ok" or "Not Ok."  So the question of "how much I trust" some particular cert is an interesting question - extending not just to which CA issued the cert, but other factors as well, including the class of the cert, the cipherspec, key strength, etc.

It would be interesting to come up with some meaningful indicator or behavioral difference client-side, based on level of trust for a given cert.



BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org