|
Top-level
Even though this only covers the small percentage of domains that do set CAA records, I would not be surprised if the overall use of CAs across all domains followed a similar -- and similarly centralized -- distribution. (In some markets, regional players will play a bigger role; once again the inability to get access to all ccTLD zones makes this difficult to assess.) 5 comments
And that's it for today - thanks for playing "Whose Cert Is It Anyway?" โ๏ธ This thread is available as a blog post here: P.S.: This was the third blog post in a series on the centralization of the internet. Part 1, covering NS records, can be found here: Or, as a Twitter thread: Part 2, covering MX records, can be found here: Or as a Mastodon thread: |
Gregory's Server
So no, you probably could replace your giant trust bundle with fewer than... 20 or so root CA certs and not notice a difference, I'd guess.
But whether that's a good thing, whether it's wise for the entire internet to place all -- well, >99% -- of its certificates/eggs into fewer than 10 CAs/baskets seems more than questionable.