all 5 comments

[–]aplaceatthedq 7 points8 points ago

I let my dog sniff all my certificates cause she seems to be an excellent judge of character

Whenever I drive pass the verisign building I always imagine the entire building is a giant mission impossible style vault with the root certificate for the entire Internet on a gold plated thumb drive in the center.

[–]devtesla 6 points7 points ago

no don't don't question it!! it'll all come crashing down!!!

[–]hoppet 6 points7 points ago

I know this is probably kind of a joke post but it does raise an interesting question. So the way i see it, it's either that or trust no one...

Letting a system trust a root certificate isn't an end-all-be-all of security, and doesn't mean you yourself trust that certificate authority. It's more just another measure to make things less dangerous.

CAs make it their business to try their best to establish trust, but that can only go so far. You could think of accepting certs from a CA as not a binary trust/not trust, but more a certain degree of trust. When talking about security you need to be wary of attacks from any angle, including one on a CA. It's just another element of what should be a multi-faceted security strategy.

[–]oakreef[S] 3 points4 points ago

But like as a user I'm not asked or informed about this in any way. It's all obscured and there's no attempt to educate people about this. Checking my mac there's dozens of certs that came default with the system some of which don't expire for thirty years. None of the companies behind these certs have done anything to establish trust with me, only with Apple and I have no reason to trust Apple's judgement in the matter. Who the hell are QuoVadis and why do I have 6 certs from them?

[–]flabberghaster 5 points6 points ago

Cuz, c'mon be cool