Given a list of official CAs (e.g. trusted by Windows, MacOS, Linux), I'd love to see results of a poll asking what people recognize to be legit vs. rogue. (Hint: it's a *very* long list!)
Replying to @dcuthbert
There are two related problems here: 1) Out of the CAs that come built in to an OS, who knows how trustworthy they are? 2) Out of CAs that get installed on a system via software, they can claim to be whatever they want (e.g. "Verisign") https://insights.sei.cmu.edu/cert/2015/03/the-risks-of-ssl-inspection.html …pic.twitter.com/70pO2n9KOB
11:15 AM - 29 Nov 2019
0 replies
0 retweets
1 like
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.