![]() ![]() I honestly see no reason for SSL to work a browser have to have a list of 130-150 CA's on file (default Root+Intermediate CA listing on Windows). Note: Your NPS username, your remote computer address, and the time of this transaction will be recorded internally for auditing purposes. 'LE' and similar services should then be managed by a non-profit or a handful of those maybe for each region and just be done with it, the CA list is already too big and it's already near impossible to figure out who owns what besides the <10 big players. Question regarding specific software or problems logging into the site Contact the NPS Technology Assistance Center for further help. To my knowledge I do not know of any case on which that insurance has ever been successfully claimed so this entire premise should be just killed off completely. ![]() It's not a question of insurance rather than a technical issue since you still get an 'n' figures "fraud" insurance when you purchase validated SSL certificates from commercial CA's and some standards require you to use them rather than LE and the likes. Get started by downloading Local for free (available for Mac, Windows, and Linux). Overall with things like LetsEncrypt I hope that the CA/SSL Cert industry would get disrupted enough for most if not all commercial CA's to simply become irrelevant. ![]() When you count the benefit / usefulness of this change which is very little to null and compare it to the possibility of it being abused as well as the precedent of adding "internal" certificate authorities to the global trust list I see a pretty solid argument against this. gov sites are "secured" with commercial CA certificates so they aren't even part of the argument. This would literally benefit no one as anyone with any interest in accessing those websites would install the certificate. Private/Internal/Enterprise CA's are intentionally out of the ring of trust for SSL certificates, there is no need to give the DoD any preferential treatment. Revoking CA's is considerably harder than you think it might work for you but it might not work for the tons of people that do not update their browsers or operating systems. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |