logo

ca-certificates

Unnamed repository; edit this file 'description' to name the repository. git clone https://hacktivis.me/git/ca-certificates.git

CertificatesAutorities.md (1226B)


  1. ## CACert.org
  2. -recomendations: Medium
  3. - SHA1 Fingerprint
  4. - no ECC certificates
  5. -signed: 1024D OpenPGP on SHA1 fingerprint
  6. -verification:
  7. - domains aren’t checked for modifications (verifies only once)
  8. - uses hardcoded/whois’ed emails… not so secure (let’s register every {admin,root,webmaster}@host with public registeration)
  9. ## immerda.ch
  10. -note: There is something about Let’s Encrypt on the website, I hope they keep their CA until Let’s Encrypt is more trustable
  11. -recomendations: OK
  12. -signed: OpenPGP on root
  13. -verification: unknow
  14. ## sks-keyservers.net
  15. -recomendations: OK
  16. -signed: OpenPGP on root
  17. -verification: OK(only for keyservers)
  18. ## hackint.org
  19. -signed: OpenPGP on root
  20. -recomendations: OK
  21. -verification: OK(only for hackint.org)
  22. ## LetsEncrypt.org
  23. -note: is probably too big[1], legalities are horrible (but you don’t actually accept them knownfully)
  24. -recomendations: OK
  25. -signed: No
  26. -verification: OK(ACME)
  27. ## IdenTrust.com
  28. -note: Cross-sign of LetsEncrypt.org
  29. -recomendations:
  30. - SHA1 Fingerprint
  31. -signed: No
  32. -verification: unknow
  33. ## Symantec.com
  34. -recomendations:
  35. - SHA1 Fingerprint
  36. -signed: Fingerprint but SHA1
  37. -verification: unknow
  38. ---
  39. 1: owners/crackers/governments will do shit on it