From: | Michael Orlitzky <michael@××××××××.com> | ||
---|---|---|---|
To: | gentoo-user@l.g.o | ||
Subject: | Re: [gentoo-user] Internet security. | ||
Date: | Mon, 09 Sep 2013 13:48:23 | ||
Message-Id: | 522DD1A1.9020802@orlitzky.com | ||
In Reply to: | Re: [gentoo-user] Internet security. by Adam Carter |
1 | On 09/09/2013 02:50 AM, Adam Carter wrote: |
2 | > [2] |
3 | > http://michael.orlitzky.com/articles/why_im_against_ca-signed_certificates.php |
4 | > . |
5 | > |
6 | > |
7 | > I like to state some of what you say here as "website certificates are |
8 | > only as trusted as the LEAST trustworthy CA in the trusted certificate |
9 | > store" |
10 | |
11 | Right, and most of them you wouldn't even consider trustworthy a priori. |
12 | If the NSA can hack or "persuade" *any* of them, every single website on |
13 | the net is compromised. |
14 | |
15 | Here's a list of the ones included with Firefox: |
16 | |
17 | http://www.mozilla.org/projects/security/certs/included/index.html |
18 | |
19 | The ones in the USA, we already know, can be forced to do whatever under |
20 | gag order. Of the ones outside the USA, well, I see a couple that belong |
21 | to countries where I would be executed for the things I did this weekend. |