On Wed, 20 Jul 2011 11:06:37 +0100
Nick <suckless-dev_AT_njw.me.uk> wrote:
> as mentioned trusting CAs (HTTPS) is
> pretty problematic.
This is more problematic, because there is no clear way of knowing
which CAs your browser trust e.g. removing CNNIC (China Internet
Network Information Center) doesn't help at all.
CA can have child CA and child CA can have another child and so on.
Just check map [1] of trusted CAs by Mozilla or Microsoft to get idea.
SSL Observatory project [2] has found some interesting facts about
HTTPS authentication model.
[1] https://www.eff.org/files/colour_map_of_CAs.pdf
[2] http://www.eff.org/observatory
-- Paul Onyschuk <blink_AT_bojary.koba.pl>Received on Wed Jul 20 2011 - 15:29:58 CEST
This archive was generated by hypermail 2.2.0 : Wed Jul 20 2011 - 16:00:05 CEST