BLU Discuss list archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Discuss] root CA bloat
- Subject: [Discuss] root CA bloat
- From: blu at nedharvey.com (Edward Ned Harvey (blu))
- Date: Sun, 23 Nov 2014 16:31:44 +0000
- In-reply-to: <546FC87F.1090203@gmail.com>
- References: <546C4823.6060900@gmail.com> <BN3PR0401MB1204BAB10AE6249C54E4E81BDC760@BN3PR0401MB1204.namprd04.prod.outlook.com> <546D7B55.70903@gmail.com> <BN3PR0401MB1204E9F1CF304F6724855281DC760@BN3PR0401MB1204.namprd04.prod.outlook.com> <546FC87F.1090203@gmail.com>
> From: Tom Metro [mailto:tmetro+blu at gmail.com] > > I think what would be practical is not eliminating all the obscure CAs, > but having the cert validation area on the address bar show orange or > yellow or something to indicate that a valid cert was found, but that it > was issued by a less known provider, I would be in favor of eliminating the Chinese government from the CA list. The color indicator indicating "how much" I trust some particular CA isn't practical, but the problem extends a little further - There are class 1 and class 2 certs, and higher, but of course there's no differentiation client-side. It's simply "Ok" or "Not Ok." So the question of "how much I trust" some particular cert is an interesting question - extending not just to which CA issued the cert, but other factors as well, including the class of the cert, the cipherspec, key strength, etc. It would be interesting to come up with some meaningful indicator or behavioral difference client-side, based on level of trust for a given cert.
- Follow-Ups:
- [Discuss] root CA bloat
- From: tmetro+blu at gmail.com (Tom Metro)
- [Discuss] root CA bloat
- References:
- [Discuss] free SSL certs from the EFF
- From: tmetro+blu at gmail.com (Tom Metro)
- [Discuss] free SSL certs from the EFF
- From: blu at nedharvey.com (Edward Ned Harvey (blu))
- [Discuss] free SSL certs from the EFF
- From: tmetro+blu at gmail.com (Tom Metro)
- [Discuss] free SSL certs from the EFF
- From: blu at nedharvey.com (Edward Ned Harvey (blu))
- [Discuss] root CA bloat
- From: tmetro+blu at gmail.com (Tom Metro)
- [Discuss] free SSL certs from the EFF
- Prev by Date: [Discuss] root CA bloat
- Next by Date: [Discuss] root CA bloat
- Previous by thread: [Discuss] root CA bloat
- Next by thread: [Discuss] root CA bloat
- Index(es):