CertificatesAutorities.md (1226B)
- ## CACert.org
- -recomendations: Medium
- - SHA1 Fingerprint
- - no ECC certificates
- -signed: 1024D OpenPGP on SHA1 fingerprint
- -verification:
- - domains aren’t checked for modifications (verifies only once)
- - uses hardcoded/whois’ed emails… not so secure (let’s register every {admin,root,webmaster}@host with public registeration)
- ## immerda.ch
- -note: There is something about Let’s Encrypt on the website, I hope they keep their CA until Let’s Encrypt is more trustable
- -recomendations: OK
- -signed: OpenPGP on root
- -verification: unknow
- ## sks-keyservers.net
- -recomendations: OK
- -signed: OpenPGP on root
- -verification: OK(only for keyservers)
- ## hackint.org
- -signed: OpenPGP on root
- -recomendations: OK
- -verification: OK(only for hackint.org)
- ## LetsEncrypt.org
- -note: is probably too big[1], legalities are horrible (but you don’t actually accept them knownfully)
- -recomendations: OK
- -signed: No
- -verification: OK(ACME)
- ## IdenTrust.com
- -note: Cross-sign of LetsEncrypt.org
- -recomendations:
- - SHA1 Fingerprint
- -signed: No
- -verification: unknow
- ## Symantec.com
- -recomendations:
- - SHA1 Fingerprint
- -signed: Fingerprint but SHA1
- -verification: unknow
- ---
- 1: owners/crackers/governments will do shit on it