Archives
Archives
| From: | Michael Orlitzky <michael@××××××××.com> | ||
|---|---|---|---|
| To: | gentoo-user@l.g.o | ||
| Subject: | Re: [gentoo-user] Internet security. | ||
| Date: | Mon, 09 Sep 2013 13:48:23 | ||
| Message-Id: | 522DD1A1.9020802@orlitzky.com | ||
| In Reply to: | Re: [gentoo-user] Internet security. by Adam Carter |
||
| 1 | On 09/09/2013 02:50 AM, Adam Carter wrote: |
| 2 | > [2] |
| 3 | > http://michael.orlitzky.com/articles/why_im_against_ca-signed_certificates.php |
| 4 | > . |
| 5 | > |
| 6 | > |
| 7 | > I like to state some of what you say here as "website certificates are |
| 8 | > only as trusted as the LEAST trustworthy CA in the trusted certificate |
| 9 | > store" |
| 10 | |
| 11 | Right, and most of them you wouldn't even consider trustworthy a priori. |
| 12 | If the NSA can hack or "persuade" *any* of them, every single website on |
| 13 | the net is compromised. |
| 14 | |
| 15 | Here's a list of the ones included with Firefox: |
| 16 | |
| 17 | http://www.mozilla.org/projects/security/certs/included/index.html |
| 18 | |
| 19 | The ones in the USA, we already know, can be forced to do whatever under |
| 20 | gag order. Of the ones outside the USA, well, I see a couple that belong |
| 21 | to countries where I would be executed for the things I did this weekend. |