"You Won’t Be Needing These Any More: On Removing Unused Certificates
From Trust Stores"
http://fc14.ifca.ai/papers/fc14_submission_100.pdf

I believe there are some errors in it, like the "1500 CAs and 650
organizations" one. The biggest error is probably the suggestion that
the Mozilla trust store does not have usage restrictions on certs (HTTPS
vs. Email vs. Code Signing).

I'm also not sure how they suggest new CAs enter the market if everyone
does as they propose.

But it's an interesting paper. I would be interested to know which CAs
are in our root program and enabled for HTTPS and yet have not been seen
to sign a current HTTPS cert in their data set.

Gerv
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy