Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

There’s a handful of commonly used CAs, but the full list of CAs is very long.


The full list of CAs with root certs in corporate browsers is fairly short. That's all that matters. If your CA isn't in $browser/$os cert root store then it's not going to be useful.

    $ ls -lathr /etc/ssl/certs/ | wc -l
    265
And of those far fewer are going to actually be giving out certs to human people. CAs are the chokepoint but I acknowledge that saying 'a handful' was hyperbolic. A few dozen.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: