Indeed. Our SSL Observatory project has shown that there are some 1400 subordinate CAs, managed by about 600 organizations. Currently the only ways to mitigate this situation are browser plugins (e.g. Perspectives, Cert Patrol) and minimizing the trust root. Neither are available on Android --- but at least we have the source. On Mar 11, 2011 8:49 AM, "peterw" <[email protected]> wrote:
-- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
