logo

ca-certificates

Unnamed repository; edit this file 'description' to name the repository. git clone https://anongit.hacktivis.me/git/ca-certificates.git/

RejectedCAs.md (828B)

    

  1. # Rejected Certificate Authorities
  3. ## GlobalSign
  4. ### Custom CAs
  6. - <https://www.globalsign.com/en/custom-ca-private-pki> seems to allow man-in-the-middle ("SSL/TLS Inspection/Decryption") which should only be done with a special non-trusted certificates.
  8. - Cross-signs other CAs, which while interesting for allowing new CA, ultimately means having to trust all the cross-signed CAs
  10. ## COMODO
  12. Brands:
  13. - Francisco Partners Management, L.P.
  14. - Xcitium
  15. - Sectigo
  16. - CodeGuard
  18. Or Sectigo with their re-branding.
  20. Notorious in terms of controversies, shouldn't be present in any decent CA list. <https://en.wikipedia.org/wiki/Comodo_Cybersecurity>
  22. ## ZeroSSL
  24. The certificate they use <https://crt.sh/?caid=158799> is a child certificate of Sertigo/COMODO.
  26. Looks very suspicious, normally a new CA should only get cross-signed.