[SSL Observatory] Perspectives on Convergence of EFF, EPIC, SSL, TOR, NSA, ET CETERA
Peter Eckersley
pde at eff.org
Mon Nov 7 11:54:56 PST 2011
- Previous message: [SSL Observatory] Perspectives on Convergence of EFF, EPIC, SSL, TOR, NSA, ET CETERA
- Next message: [SSL Observatory] Perspectives on Convergence of EFF, EPIC, SSL, TOR, NSA, ET CETERA
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
On Mon, Nov 07, 2011 at 05:46:18PM +0100, Ralph Holz wrote:
>
> That's the point Phillip was referring, too. But the more interesting
> question to me seems here: if CAs = the companies operate sub-CAs, why
> do so many CA = companies have several root certificates in NSS?
I think everyone here agrees that multiple CA certificates does not equal
independent sub-CAs.
> The latest count of roots in NSS was 150+; and I remember someone from
> Mozilla recently mentioned that the number of companies is much lower, near
> 35-40 or so.
The Microsoft trusted root certificate program does a clearer job of
indicating which root CAs are controlled by which organizations.
https://social.technet.microsoft.com/wiki/contents/articles/2592.aspx
That latest version of that list appears to contain 320 root certs, with 111
organizations listed as controlling them. In a few instances, perhaps one
could argue that different listed organizations are potentially equivalent. For
instance, these two:
Government of Latvia, Latvian Post
Government of Latvia, Latvian State Radio & Television Centre (LVRTC)
But in a case like that I'm inclined to trust Microsoft's judgement in
determining that these CAs were controlled by different organizations.
--
Peter Eckersley pde at eff.org
Technology Projects Director Tel +1 415 436 9333 x131
Electronic Frontier Foundation Fax +1 415 436 9993
- Previous message: [SSL Observatory] Perspectives on Convergence of EFF, EPIC, SSL, TOR, NSA, ET CETERA
- Next message: [SSL Observatory] Perspectives on Convergence of EFF, EPIC, SSL, TOR, NSA, ET CETERA
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the Observatory
mailing list