Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

The full list of CAs with root certs in corporate browsers is fairly short. That's all that matters. If your CA isn't in $browser/$os cert root store then it's not going to be useful.

    $ ls -lathr /etc/ssl/certs/ | wc -l
    265
And of those far fewer are going to actually be giving out certs to human people. CAs are the chokepoint but I acknowledge that saying 'a handful' was hyperbolic. A few dozen.


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: