So no, you probably could replace your giant trust...

So no, you probably could replace your giant trust bundle with fewer than... 20 or so root CA certs and not notice a difference, I'd guess.

But whether that's a good thing, whether it's wise for the entire internet to place all -- well, >99% -- of its certificates/eggs into fewer than 10 CAs/baskets seems more than questionable.

Like 14 May 2023 at 20:11 | Open on mstdn.social

4 comments

Jan Schaumann replied to Jan

And that's it for today - thanks for playing "Whose Cert Is It Anyway?" ✌️

This thread is available as a blog post here:

https://www.netmeister.org/blog/caa-diversity.html

14 May 2023 at 20:12 | Open on mstdn.social

Jan Schaumann replied to Jan

P.S.: This was the third blog post in a series on the centralization of the internet.

Part 1, covering NS records, can be found here:
https://www.netmeister.org/blog/nsauth-diversity.html

Or, as a Twitter thread:
https://twitter.com/jschauma/status/1592725563139145728

14 May 2023 at 20:13 | Open on mstdn.social

Jan Schaumann replied to Jan

Part 2, covering MX records, can be found here:
https://www.netmeister.org/blog/mx-diversity.html

Or as a Mastodon thread:
https://mstdn.social/@jschauma/109996845833897477

14 May 2023 at 20:14 | Open on mstdn.social

Jan Schaumann replied to Jan

El fin. 🧵🔚

14 May 2023 at 20:15 | Open on mstdn.social

Go Up