So no, you probably could replace your giant trust...

All posts Jan's posts Post Back to profile

So no, you probably could replace your giant trust bundle with fewer than... 20 or so root CA certs and not notice a difference, I'd guess.

But whether that's a good thing, whether it's wise for the entire internet to place all -- well, >99% -- of its certificates/eggs into fewer than 10 CAs/baskets seems more than questionable.

Like 14 May 2023 at 20:11 | Open on mstdn.social

4 comments

Jan Schaumann replied to Jan

And that's it for today - thanks for playing "Whose Cert Is It Anyway?" ✌️

This thread is available as a blog post here:

https://www.netmeister.org/blog/caa-diversity.html

14 May 2023 at 20:12 | Open on mstdn.social

Jan Schaumann replied to Jan

P.S.: This was the third blog post in a series on the centralization of the internet.

Part 1, covering NS records, can be found here:
https://www.netmeister.org/blog/nsauth-diversity.html

Or, as a Twitter thread:
https://twitter.com/jschauma/status/1592725563139145728

14 May 2023 at 20:13 | Open on mstdn.social

Jan Schaumann replied to Jan

Part 2, covering MX records, can be found here:
https://www.netmeister.org/blog/mx-diversity.html

Or as a Mastodon thread:
https://mstdn.social/@jschauma/109996845833897477

14 May 2023 at 20:14 | Open on mstdn.social

Jan Schaumann replied to Jan

El fin. 🧵🔚

14 May 2023 at 20:15 | Open on mstdn.social

Go Up