Re: HTTPS everywhere!
- To: email@example.com
- Subject: Re: HTTPS everywhere!
- From: Jakub Wilk <firstname.lastname@example.org>
- Date: Sat, 21 Jun 2014 16:59:04 +0200
- Message-id: <[🔎] 20140621145827.GA774@jwilk.net>
- Mail-followup-to: email@example.com
- In-reply-to: <firstname.lastname@example.org>
- References: <email@example.com> <20140612085609.GA3826@jwilk.net> <firstname.lastname@example.org> <email@example.com> <53A032AB.firstname.lastname@example.org> <20140618130058.GA17973@ypig.lip.ens-lyon.fr> <email@example.com> <firstname.lastname@example.org> <email@example.com>
* Tollef Fog Heen <firstname.lastname@example.org>, 2014-06-21, 16:43:
And if your concern is that a Debian CA could be used to forge
certificates for non-Debian stuff... given that we have >150 root
certs in the Mozilla bundle... many of them already completely
untrustworthy and many of them probably introducing intermediate CAs
which are even less trustworthy... I wouldn't worry a lot here.
If they are completely untrustworthy, I'd like to see bugs with
documentation for that statement being filed so we can fix it.
We'll use super cow powers to coerce CAs into trustworthiness.