[Cryptography] hard to trust all those root CAs
Martin Rublik
martin.rublik at gmail.com
Mon Jul 21 02:12:29 EDT 2014
On 20. 7. 2014 7:45, grarpamp wrote:
...
> The mozilla bundle includes about 150. It would be nice if the
> new cert observatoris publish a count of how many end certs
> they see each root cert covers... a topN list of sorts. Then you
> could save some time by including the N of your choice into your
> 'empty by default' list. I think the distribution would be severly
> skewed to maybe top 10 or 15 covers most any place.
>
Here is one visualization http://notary.icsi.berkeley.edu/trust-tree/ and the
discussion as well
https://lists.eff.org/pipermail/observatory/2012-December/000669.html
Martin
More information about the cryptography
mailing list