
A month with only 10 trusted root CA certificates

Submitted by krypticmind
krypticmind (1369357) writes "Researcher Nasko Oskov from netsekure.org has spent 30 days trusting only 10 CA root certificates in his browser and details the findings in his blog. "It was an interesting one month and I’ve learned a bunch. The main takeaway from this experiment is that I don’t need 3 digit number of trusted CAs in my browser." This comes after previous concerns on breaking the chain of trust for certificates here (http://yro.slashdot.org/story/10/03/26/1334254/Government-Could-Forge-SSL-Certificates)."

  • As Christopher Soghoian and Sid Stamm point out in their recent paper [cloudprivacy.net] regarding man-in-the-middle attacks on SSL, apps like IE that rely on Windows' Trusted Store will reach out to a Microsoft server to decide whether a CA is trusted. So the short list of CAs you might see in IE's UI isn't anywhere near the whole story:

    Thus, any web browser that depends upon Microsoft's Trusted Root Store (such as Internet Explorer, Chrome and Safari for Windows) ultimately trusts 264 different CAs to issue certificates with
