On 09/09/2013 02:50 AM, Adam Carter wrote: > [2] > > http://michael.orlitzky.com/articles/why_im_against_ca-signed_certificates.php > . > > > I like to state some of what you say here as "website certificates are > only as trusted as the LEAST trustworthy CA in the trusted certificate > store"
Right, and most of them you wouldn't even consider trustworthy a priori. If the NSA can hack or "persuade" *any* of them, every single website on the net is compromised. Here's a list of the ones included with Firefox: http://www.mozilla.org/projects/security/certs/included/index.html The ones in the USA, we already know, can be forced to do whatever under gag order. Of the ones outside the USA, well, I see a couple that belong to countries where I would be executed for the things I did this weekend.
