by denton-scratch
961 days ago
> Can't individuals (on their local systems) just blacklist those root CAs independently of the browsers?

The problem (for me at least) is deciding which of the 200-odd roots I want to distrust. If a root has a name that I can't decipher because it's in foreign, that's easy. But most roots have cryptic names, and there's no standard way of finding out who operates a given root, who audits it, or who that root is allowed to issue certs for. Perhaps there's a market for an open-source root-store editor, that annotates each root with a plain-language description, including stuff like how many certs it has issued, and how many frauds and cock-ups it's been responsible for.