Re: Number of CAs (was: Mandatory encryption as part of HTTP2)

On Sat, Nov 16, 2013 at 12:35 PM, SM <sm@xxxxxxxxxxxx> wrote:
> Hi Phillip, Ted,
> At 19:11 15-11-2013, Phillip Hallam-Baker wrote:
>> Actually as has been demonstrated repeatedly, the EFF has been deceptive bordering on outright dishonesty about the 600 CAs. Over 300 of what they identified as separate CAs are all run by a single organization that hands out certs to educational institutions in Germany. There is only one CA with separate intermediate certs for each institution. At least 200 of the other certificates they identify as 'CAs' have a similar origin.
>
> I don't have any material interest in the EFF or any CA.
>
> I did a quick check and I found 165 CAs.  I didn't look into the details of the number of CAs linked to a single organization.

But as is well known, many CAs own multiple embedded roots, typically three or four brands per large CA and each brand often has several roots. The conclusion that the EFF has been peddling is that there are 600 parties that can introduce spurious certs; this is not what their evidence demonstrates.

My point was that like the 'Gore claimed to invent internet meme' this has become a zombie lie that is repeated by people despite the fact that it has been repeatedly shown to be false. People like to believe it because it reinforces their prejudices but that does not make it true.

We should not be making policy decisions on the basis of zombie lies.

--
Website: http://hallambaker.com/