logo

ca-certificates

Unnamed repository; edit this file 'description' to name the repository. git clone https://anongit.hacktivis.me/git/ca-certificates.git/

RejectedCAs.md (888B)

    

  1. # Rejected Certificate Authorities
  3. ## GlobalSign
  4. ### Proprietary verification
  6. Even post-ACME, they still support non-standard verifications, in fact in September 2014 they added the non-standard ability to set custom emails via DNS TXT records: <https://support.globalsign.com/ssl/ssl-certificates-life-cycle/using-dns-txt-records-specifying-domain-approver-emails>
  8. ### Custom CAs
  10. - <https://www.globalsign.com/en/custom-ca-private-pki> seems to allow man-in-the-middle ("SSL/TLS Inspection/Decryption") which should only be done with a special non-trusted certificates.
  12. - Cross-signs other CAs, which while interesting for allowing new CA, ultimately means having to trust all the cross-signed CAs
  14. ## ZeroSSL
  16. This is a sockpuppet of COMODO which has been involved in numerous controversies: <https://en.wikipedia.org/wiki/Comodo_Cybersecurity>
  18. ## Sectigo
  20. Re-branding of COMODO.