Should Mozilla Trust A Chinese CA?

Discussion in 'NZ Computing' started by Lawrence D'Oliveiro, Feb 18, 2010.

  1. I’ve wondered before whether all CAs should be considered equally
    trustworthy or not
    <http://www.freedom-to-tinker.com/blog/felten/mozilla-debates-whether-trust-chinese-ca>.

    I think a likely solution is to let you assign different trust levels to the
    different CA certs you have installed. Then a site’s SSL cert can cause a
    different colour code to appear in the address bar, depending on the
    trustworthiness of the CA that signed it.
     
    Lawrence D'Oliveiro, Feb 18, 2010
    #1
    1. Advertisements

  2. Lawrence D'Oliveiro

    Richard Guest

    I dont like the idea of any CA being trusted by default.
     
    Richard, Feb 18, 2010
    #2
    1. Advertisements

  3. If you’re using a browser, then you’re already doing it.

    In Firefox/Iceweasel, go to Preferences, click the “Advanced†icon, then the
    “Encryption†tab, and under that the “View Certificates†button. In the
    dialog that opens, click the “Authorities†tab.

    Those are all the CA certificates you’re trusing by default—about a hundred
    of them.
     
    Lawrence D'Oliveiro, Feb 18, 2010
    #3
  4. Lawrence D'Oliveiro

    Simon Guest

    While this is an interesting idea, I'm not sure that this would work
    well for the average computer user. Mind you they'll probably just
    click through the cert installation and all warning dialogues anyway,
    so perhaps this won't be aimed at them.
     
    Simon, Feb 18, 2010
    #4
  5. For this reason, I think the default setting should be, as perverse as it
    sounds, “trust everythingâ€.
     
    Lawrence D'Oliveiro, Feb 18, 2010
    #5
  6. Lawrence D'Oliveiro

    Richard Guest

    I know, its quite worrying, and worse that more trust is shown with some
    of them.
     
    Richard, Feb 19, 2010
    #6
  7. Lawrence D'Oliveiro, Feb 23, 2010
    #7
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.