{"id":169,"date":"2008-05-08T15:32:58","date_gmt":"2008-05-08T15:32:58","guid":{"rendered":"http:\/\/blog.stmellion.org\/?p=169"},"modified":"2008-05-08T15:32:58","modified_gmt":"2008-05-08T15:32:58","slug":"who-do-i-trust","status":"publish","type":"post","link":"https:\/\/blog.stmellion.org\/?p=169","title":{"rendered":"Who do I trust?"},"content":{"rendered":"<p>I recently read an <a href=\"http:\/\/www.links.org\/wp-trackback.php?p=321\">excellent article<\/a> by Ben Laurie that proposes methods that evil companies like <a href=\"http:\/\/www.phorm.com\/\">Phorm<\/a> could use to intercept SSL communications.  This got me thinking about whom I actually trust when I&#8217;m using the Web.<\/p>\n<p>Most people install an Operating System and simply trust whatever Certificate Authorities it happens to come with.  A quick check on my <a href=\"http:\/\/www.debian.org\">Debian<\/a> box reveals a list of 284 certificates that I have in effect placed complete faith in.  That&#8217;s a lot of blind faith, especially when many of those certificates are owned by companies like <a href=\"http:\/\/www.timewarner.com\/\">AOL Time Warner<\/a> whom I have no faith in at all.  I&#8217;m intrigued to understand what the secure approach to this problem actually is.  Should I delete all those CA certificates from my browsers and check them out individually as and when I visit an SSL site?  Not an easy proposition as it&#8217;s hard to make an educated assessment.  It would be interesting to know how many CAs I would end up with if I took this approach.  I bet it&#8217;s a lot fewer than 284.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I recently read an excellent article by Ben Laurie that proposes methods that evil companies like Phorm could use to intercept SSL communications. This got me thinking about whom I actually trust when I&#8217;m using the Web. 
Most people install an Operating System and simply trust whatever Certificate Authorities it happens to come with. A&hellip; <a class=\"more-link\" href=\"https:\/\/blog.stmellion.org\/?p=169\">Continue reading <span class=\"screen-reader-text\">Who do I trust?<\/span><\/a><\/p>\n","protected":false},"author":24,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[18],"tags":[],"class_list":["post-169","post","type-post","status-publish","format-standard","hentry","category-security","entry"],"_links":{"self":[{"href":"https:\/\/blog.stmellion.org\/index.php?rest_route=\/wp\/v2\/posts\/169","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.stmellion.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.stmellion.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.stmellion.org\/index.php?rest_route=\/wp\/v2\/users\/24"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.stmellion.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=169"}],"version-history":[{"count":0,"href":"https:\/\/blog.stmellion.org\/index.php?rest_route=\/wp\/v2\/posts\/169\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.stmellion.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=169"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.stmellion.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=169"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.stmellion.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=169"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}