
Herman: Shipping Rust in Firefox

Posted Jul 14, 2016 16:20 UTC (Thu) by nybble41 (subscriber, #55106)
In reply to: Herman: Shipping Rust in Firefox by raven667
Parent article: Herman: Shipping Rust in Firefox

> ... all you are doing is making them [CAs] create a few hundred signing keys for each TLD, but otherwise with the same security implications.

The CAs can create all the certificates they want, just like anyone else; that's the easy part. These certificates won't be included in the operating system or browser's default trust stores unless the CA routinely issues proper certificates for the associated TLD. This changes the security implications considerably compared to the current situation where any CA can sign a certificate for any TLD and have it automatically trusted, even if the certificate is for "google.com" and the CA isn't considered trustworthy by anyone outside of China.



Herman: Shipping Rust in Firefox

Posted Jul 14, 2016 19:34 UTC (Thu) by raven667 (subscriber, #5198)

> These certificates won't be included in the operating system or browser's default trust stores unless the CA routinely issues proper certificates for the associated TLD

But of course they all do and would continue to do so, which is why the overall risk is unchanged.

