On Sun, 2013-02-10 at 12:38 +0100, Florian Weimer wrote:
> * Ben Hutchings:
> 
> > According to
> > <https://www.globalsign.com/certificate-authority-root-signing/>, any
> > organisation may buy a secondary CA certificate signed by one of
> > GlobalSign's root CA certificates.  These should therefore not be
> > trusted by default.
> 
> This is actually true for many of the roots.
>
> You should bring this up on the Mozilla lists, I think.

I know that many CAs issue secondaries to other organisations.  The
question then is how careful they are about vetting and auditing the
other organisations.  This page and the linked 'datasheet' basically say
'pay us to make your internal CA trusted by everyone'.

Ben.

-- 
Ben Hutchings
I'm always amazed by the number of people who take up solipsism because
they heard someone else explain it. - E*Borg on alt.fan.pratchett
