Certificate Authority Question

["Craig S. Wright" <craig.wright () Information-Defense com>]

Hello,
Based on some of the post I have seen, I would like to ask how many people
and organisations have removed untrusted CAs from their browsers. This is
not trusted by the browser, but ones you can yourself have some confidence
in?

There are several MD2 and MD5 root certs within IE. How many people have
deleted these from their browser?

How many people on the list allow all default root CAs as trusted? How many
have even thought about the consequences of leaving CNNIC and the Government
CA's from South America as trusted?

I would be interested to know as this is a security list. What occurs here
should be more secure than for the average person.
 
Regards,
...
Dr. Craig S Wright GSE-Malware, GSE-Compliance, LLM, & ...
Information Defense Pty Ltd



------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------