
If I were interested in assembling an authoritative, up-to-date list of trusted CAs, would it be reasonable to source lists from the major trust store providers and select only those CAs trusted by all of them? I know it's possible to be a lot more sophisticated and that even that can be flawed, but I'm hunting for a simple-to-follow criterion for now.


The CCADB tracks the various root programs, so you could do this today[1]. In practice however I think you’d be best off just using the Mozilla root program; I believe they’re as (if not more) strict than the corporate root programs in terms of inclusion.

[1]: https://www.ccadb.org/
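
The "trusted by all of them" selection asked about above, as an added example that is not part of the thread: it intersects PEM root bundles by SHA-256 fingerprint of each certificate's DER bytes and reports which stores lack the rest. The store names and certificate blobs are constructed placeholders, not real trust-store data.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def fingerprints(pem_bundle: str) -> set[str]:
    """SHA-256 over the decoded DER of every certificate in a PEM bundle.
    Hashing the DER (not the PEM text) ignores line-wrapping differences."""
    out = set()
    for body in PEM_RE.findall(pem_bundle):
        der = base64.b64decode("".join(body.split()))
        out.add(hashlib.sha256(der).hexdigest())
    return out

def common_roots(stores: dict[str, str]):
    """Return (trusted_by_all, partial); partial maps each remaining
    fingerprint to the sorted list of stores that do NOT carry it."""
    per_store = {name: fingerprints(pem) for name, pem in stores.items()}
    everything = set().union(*per_store.values())
    trusted_by_all = set.intersection(*per_store.values())
    partial = {fp: sorted(n for n, s in per_store.items() if fp not in s)
               for fp in everything - trusted_by_all}
    return trusted_by_all, partial

def _pem(der: bytes, width: int = 64) -> str:
    """Wrap raw bytes as a PEM block (helper for the constructed sample)."""
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + width] for i in range(0, len(b64), width)]
    return ("-----BEGIN CERTIFICATE-----\n" + "\n".join(lines)
            + "\n-----END CERTIFICATE-----\n")

# Constructed placeholder blobs standing in for DER-encoded root certificates.
ROOT_A = b"constructed-root-A" * 8
ROOT_B = b"constructed-root-B" * 8
ROOT_C = b"constructed-root-C" * 8

# Hypothetical stores; store_b uses a different PEM line width on purpose.
SAMPLE_STORES = {
    "store_a": _pem(ROOT_A) + _pem(ROOT_B) + _pem(ROOT_C),
    "store_b": _pem(ROOT_A, 76) + _pem(ROOT_B, 76),
    "store_c": _pem(ROOT_B) + _pem(ROOT_A),
}

if __name__ == "__main__":
    both, partial = common_roots(SAMPLE_STORES)
    print(len(both), "roots trusted by all;", len(partial), "trusted by some")
```

Exact-fingerprint matching treats a reissued or cross-signed certificate for the same CA key as a different root, and it ignores per-purpose trust settings, so review the `partial` output rather than discarding it.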


Sounds like we need a certificate authority authority.


They exist: they're the Google and Mozilla root programs.


Bickering will just result in having multiple authorities.

This can be solved with a certificate authority authority authority.

The first will be named CARTMAN and must be respected by all.


I propose:

  public class CertificateAuthorityFactory{



