~3 users here now
For technology and gadgetry.
why the hell should I trust any of the root certificate signing authorities anyway? (self.technology)
submitted 1 month ago by oakreef
[–]aplaceatthedq 7 points8 points9 points 1 month ago
I let my dog sniff all my certificates cause she seems to be an excellent judge of character
Whenever I drive pass the verisign building I always imagine the entire building is a giant mission impossible style vault with the root certificate for the entire Internet on a gold plated thumb drive in the center.
[–]devtesla 6 points7 points8 points 1 month ago
no don't don't question it!! it'll all come crashing down!!!
[–]hoppet 6 points7 points8 points 1 month ago
I know this is probably kind of a joke post but it does raise an interesting question. So the way i see it, it's either that or trust no one...
Letting a system trust a root certificate isn't an end-all-be-all of security, and doesn't mean you yourself trust that certificate authority. It's more just another measure to make things less dangerous.
CAs make it their business to try their best to establish trust, but that can only go so far. You could think of accepting certs from a CA as not a binary trust/not trust, but more a certain degree of trust. When talking about security you need to be wary of attacks from any angle, including one on a CA. It's just another element of what should be a multi-faceted security strategy.
[–]oakreef[S] 3 points4 points5 points 1 month ago
But like as a user I'm not asked or informed about this in any way. It's all obscured and there's no attempt to educate people about this. Checking my mac there's dozens of certs that came default with the system some of which don't expire for thirty years. None of the companies behind these certs have done anything to establish trust with me, only with Apple and I have no reason to trust Apple's judgement in the matter. Who the hell are QuoVadis and why do I have 6 certs from them?
[–]flabberghaster 5 points6 points7 points 1 month ago
Cuz, c'mon be cool
REDDIT and the ALIEN Logo are registered trademarks of reddit inc.
all it takes is a username and password
is it really that easy? only one way to find out...
already have an account and just want to login?
π Rendered by PID 30744 on fempireactual at 2017-09-25 13:19:22.986822+00:00 running d7a6e7e.