[csears]

This seems ok if you have a tech-savvy user base that understands how to re-add a root certificate if they later hit a legitimate site using one of the removed root certs. If you user base isn't that savvy, I'm afraid you would just be training them to ignore SSL errors, which is not great.

Also, I assume the OS and browser vendors do some sort of verification before adding a CA to their list of root certs. Is the message that we shouldn't trust their verification efforts? If so, we should probably use something other than popularity to do our own independent verification.

[tbrownaw]

It's not about extra verification, it's about reducing the attack surface.

If your browser trusts 100 different CAs, I can MITM you after compromising any one of those 100. If you only actually use 10 of them, then you can remove the other 90 from your trusted list and make my (the attackers') job 10x harder. More-or-less regardless of which individual CAs take security a bit more seriously than the others, since they're all held to a reasonable minimum standard.

[raylu]

"since they're all held to a reasonable minimum standard."

Except the ones that are too big to fail right?

https://bugzilla.mozilla.org/show_bug.cgi?id=647959

[zokier]

> then you can remove the other 90 from your trusted list and make my (the attackers') job 10x harder

or possibly infinitely easier if the users become accustomed to accept ssl errors due lacking root certs.

[dfc]

Mozilla and others have done some verification. They verified that the CNNIC root does belong to the chinese government.[1] In light of that verification do you want to allow CNNIC to attest to the validity of the certificate for your favorite vendor/webmail/employer?

[1] http://www.mozilla.org/projects/security/certs/included/#CNN...