Email or username:

Password:

Forgot your password?
Top-level
Jan Schaumann

So no, you probably could replace your giant trust bundle with fewer than... 20 or so root CA certs and not notice a difference, I'd guess.

But whether that's a good thing, whether it's wise for the entire internet to place all -- well, >99% -- of its certificates/eggs into fewer than 10 CAs/baskets seems more than questionable.

4 comments
Jan Schaumann replied to Jan

And that's it for today - thanks for playing "Whose Cert Is It Anyway?" โœŒ๏ธ

This thread is available as a blog post here:

netmeister.org/blog/caa-divers

Jan Schaumann replied to Jan

P.S.: This was the third blog post in a series on the centralization of the internet.

Part 1, covering NS records, can be found here:
netmeister.org/blog/nsauth-div

Or, as a Twitter thread:
twitter.com/jschauma/status/15

Go Up