The maintainers of the big web browsers have pretty strict rules for CAs in this list. If any one of them gets caught issuing only one certificate maliciously, they are out of business.
And all CAs are required to publish each certificate in multiple public, cryptographically signed ledgers.
Sure, there is a history of CAs issuing certificates to people that shouldn’t have them (e.g. for espionage), but that is almost impossible now.
cron@feddit.org 21 hours ago
The maintainers of the big web browsers have pretty strict rules for CAs in this list. If any one of them gets caught issuing only one certificate maliciously, they are out of business.
And all CAs are required to publish each certificate in multiple public, cryptographically signed ledgers.
Sure, there is a history of CAs issuing certificates to people that shouldn’t have them (e.g. for espionage), but that is almost impossible now.