> If this means users gets more power over what CAs to trust then that is a good thing.
Do you really think your average user is going to go into the browser and manually distrust root CAs? We have learned again and again that good security is "secure by default", not "secure after arcane configuration".
Do you really think your average user is going to go into the browser and manually distrust root CAs? We have learned again and again that good security is "secure by default", not "secure after arcane configuration".