Re: [Cryptography] hard to trust all those root CAs
On Sat, Jul 19, 2014 at 5:03 PM, John Denker <jsd@av8n.com> wrote:
AFAICT, a lot of existing protocols were designed to resist passive eavesdropping. In contrast, the idea of large-scale MITM attacks was sometimes considered tin-foil-hat paranoia. To this day, standard Ubuntu Firefox trusts 162 different authorities (including the Hong Kong Post Office) to certify /anything and everything/.
In the /usr/share/ca-certificates/mozilla directory, only one of 163 root certificates has any v3 Name Constraints at all. Why Ubuntu and Firefox tolerate this is beyond me; I can understand trusting Microsoft to sign Microsoft-related stuff, but allowing them to sign /anything and everything/ ?!????!!
The mozilla bundle includes about 150. It would be nice if the new cert observatories published a count of how many end certs they see each root cert covers... a topN list of sorts. Then you could save some time by including the N of your choice into your 'empty by default' list. I think the distribution would be severely skewed, to maybe the top 10 or 15 covering most any place.
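Added example, not from any message in this thread: a shell script that reproduces the kind of count John Denker quotes above (how many roots in a bundle directory carry an X.509v3 Name Constraints extension) and shows what each constrained root is actually limited to. It assumes openssl(1) is on PATH and that the bundle is a directory of PEM files; the default path is the Ubuntu directory named above. The make_test_root helper is only there so the script can be exercised without the system bundle; the test roots it builds are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the thread): check which root certificates in a bundle
# directory carry an X.509v3 Name Constraints extension. Assumes openssl(1) is on
# PATH; the default directory is the Ubuntu path mentioned in the thread.

# Exit 0 if the PEM certificate in $1 has a Name Constraints extension, 1 otherwise.
has_name_constraints() {
    openssl x509 -in "$1" -noout -text 2>/dev/null | grep -q 'X509v3 Name Constraints'
}

# Print "<constrained> <total>" for the certificates (*.crt, *.pem) in directory $1.
# For every constrained root, the subject and the constraint body go to stderr.
count_name_constrained() {
    dir="${1:-/usr/share/ca-certificates/mozilla}"
    total=0
    constrained=0
    for f in "$dir"/*.crt "$dir"/*.pem; do
        [ -f "$f" ] || continue
        total=$((total + 1))
        if has_name_constraints "$f"; then
            constrained=$((constrained + 1))
            openssl x509 -in "$f" -noout -subject >&2
            # Print from the Name Constraints header up to the next extension
            # header or the signature block, i.e. the permitted/excluded subtrees.
            openssl x509 -in "$f" -noout -text | awk '
                /X509v3 Name Constraints/ { p = 1 }
                p && !/X509v3 Name Constraints/ && /^ *(X509v3|Signature)/ { exit }
                p' >&2
        fi
    done
    echo "$constrained $total"
}

# Build a self-signed test root in $1 with CN $2. $3 optionally gives a
# nameConstraints value in openssl's x509v3_config syntax, for example
# "permitted;DNS:.example.com". Constructed test data for this example only.
make_test_root() {
    conf=$(mktemp)
    key=$(mktemp)
    cat > "$conf" <<EOF
[req]
prompt = no
distinguished_name = dn
x509_extensions = ext
[dn]
CN = $2
[ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
    if [ -n "$3" ]; then
        echo "nameConstraints = critical,$3" >> "$conf"
    fi
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$key" -out "$1" -days 1 \
        -config "$conf" >/dev/null 2>&1
    rm -f "$conf" "$key"
}

# Stand-alone run: report on the directory given as $1 (default: the Ubuntu bundle).
result=$(count_name_constrained "${1:-}")
echo "Name-constrained roots: ${result% *} of ${result#* }"
```

Two caveats when reading the numbers: the count only says which roots declare constraints, and enforcing them is the job of the validating library, so a bundle consumer that ignores the extension gets no benefit; and a constrained root still certifies anything inside its permitted subtrees, so the constraint narrows the blast radius rather than removing it.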
On 20. 7. 2014 7:45, grarpamp wrote: ...
The mozilla bundle includes about 150. It would be nice if the new cert observatories published a count of how many end certs they see each root cert covers... a topN list of sorts. Then you could save some time by including the N of your choice into your 'empty by default' list. I think the distribution would be severely skewed, to maybe the top 10 or 15 covering most any place.
Here is one visualization http://notary.icsi.berkeley.edu/trust-tree/ and the discussion as well https://lists.eff.org/pipermail/observatory/2012-December/000669.html
Martin
On Mon, Jul 21, 2014 at 2:12 AM, Martin Rublik <martin.rublik@gmail.com> wrote:
Here is one visualization http://notary.icsi.berkeley.edu/trust-tree/ and the discussion as well https://lists.eff.org/pipermail/observatory/2012-December/000669.html
Neat. I should have worded it better, as in visualizing the tree from the roots to the Alexa Top 500, plus selected other sets such as all universities, all global $Gigacorps, etc. http://www.alexa.com/topsites
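Added example, not from any message in this thread: the "topN list" grarpamp proposes, computed from a list of observed (hostname, root CA) pairs. It ranks roots by how many distinct hosts chain to them and then reports how many of the top roots you would need to include in an otherwise empty trust list to cover a chosen fraction of hosts. It assumes the input format shown (one observation per line, "<hostname> <root CA name>"); the observation lines in the script are constructed placeholders, not measurements from any real observatory, and the root names are invented. Real input would come from a dataset such as the ones linked above, in whatever format that source provides.

```shell
#!/bin/sh
# Added example (not from the thread): from a list of observed (host, root CA)
# pairs, rank roots by how many distinct hosts chain to them and find how many of
# the top roots are needed to cover a target fraction of hosts. Input format is
# one observation per line: "<hostname> <root CA name>". Uses only awk and sort.

# Constructed sample data for the stand-alone run; the root names are
# placeholders, not measurements of any real CA.
SAMPLE_OBSERVATIONS='www.example.com Root-A
mail.example.com Root-A
shop.example.net Root-A
www.example.org Root-B
cdn.example.org Root-B
www.example.edu Root-C
www.example.com Root-A
login.example.io Root-D'

# stdin: observation lines; stdout: "<distinct hosts> <root>", most hosts first,
# ties broken by root name so the output is deterministic.
rank_roots() {
    awk '!seen[$1, $2]++ { n[$2]++ } END { for (r in n) print n[r], r }' \
        | sort -k1,1nr -k2,2
}

# $1: target fraction (e.g. 0.90); stdin: observation lines.
# Greedily picks the roots with the most hosts until the target is met, printing
# each pick to stderr and the number of roots needed to stdout. A host seen under
# several roots is credited to the first root it was observed with, so every host
# is counted exactly once in the coverage total.
roots_for_coverage() {
    awk -v target="$1" '
        !seen[$1]++ { n[$2]++; total++ }
        END {
            covered = 0; k = 0
            while (total > 0 && covered / total < target) {
                best = ""; bestn = 0
                for (r in n)
                    if (n[r] > bestn || (n[r] == bestn && r < best)) { best = r; bestn = n[r] }
                covered += bestn; delete n[best]; k++
                printf "%d. %s  (cumulative %d/%d hosts)\n", k, best, covered, total > "/dev/stderr"
            }
            print k
        }'
}

# Stand-alone run on the constructed sample.
echo "Distinct hosts per root:"
printf '%s\n' "$SAMPLE_OBSERVATIONS" | rank_roots
echo "Roots needed for 70% coverage of the sample hosts:"
printf '%s\n' "$SAMPLE_OBSERVATIONS" | roots_for_coverage 0.70
```

The interesting number for a trust list is not the ranking itself but where the cumulative curve flattens; run roots_for_coverage with a few targets (0.90, 0.99, 1.0) against a real observation set to see how many roots the long tail actually costs you.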
Participants (2): grarpamp, Martin Rublik