by tbrownaw 4724 days ago
It's not about extra verification, it's about reducing the attack surface.

If your browser trusts 100 different CAs, I can MITM you after compromising any one of those 100. If you only actually use 10 of them, then you can remove the other 90 from your trusted list and make my (the attackers') job 10x harder. More-or-less regardless of which individual CAs take security a bit more seriously than the others, since they're all held to a reasonable minimum standard.

2 comments

"since they're all held to a reasonable minimum standard."

Except the ones that are too big to fail, right?

https://bugzilla.mozilla.org/show_bug.cgi?id=647959

> then you can remove the other 90 from your trusted list and make my (the attackers') job 10x harder

or possibly infinitely easier if the users become accustomed to accepting SSL errors due to lacking root certs.