[Cryptography] Well, that only took ten years

Salz, Rich rsalz at akamai.com
Fri Aug 16 15:24:24 EDT 2019

>    Browser makers ship an absurdly long list of "trusted CA's" because ... a browser without *some* list of "trusted CA's" is worthless.  The makers are effectively vouching for the CA's by including them - though they are very, very careful to disclaim any responsibility here, which is why they end up accepting pretty much anyone who claims to be a CA.
Absurd by what metric?  The browser is most of the world's gateway to the Web, or as most folks call it, the Internet.  Based on https://nabla-c0d3.github.io/blog/2018/01/16/trust-stores-observatory/, Apple has 174 CA's, Google has 137, Mozilla has 139, and Microsoft has 292.  For around 1Bn websites, that's not unreasonable to get to most of them. (The one billion number comes from a web search of "how big is the internet")

Second, "accepting pretty much anyone" has not been true for years.  I suggest you look at recent messages in "mozilla.dev.security.policy" email/google-group and https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/  

>    There's a common mistake in reasoning about security composition:  I don't want to rely on my browser maker for both the code and the certs - it's safer to split the responsibilities.

You are in the immeasurably small fraction of the fraction of the userbase that it's not even measurable.  For most of the billions, the safest thing to do is have a program backed by a responsible organization, that does auto-updates.

>simply having the browser makers ship the actual public keys for, say, the top 100,000 sites.

And for the remaining hundreds of millions?  We've got enough centralization already, don't we? 

More information about the cryptography mailing list