mercredi 11 février 2015

Are there other roots of trust on my computer aside from these 46 root certificates?



I've heard many people imply that modern browsers and OSes trust a myriad of root certificates. The implication is that it is impossible to ensure the private keys of all of the root certificates installed on your system are, in fact, in control of trustworthy organizations. The oft cited trusting of the Hong Kong Post Office root certificate seems to be evidence of rampant growth of the list of trusted root certificates.


I just checked my Windows 8.1 computer's certificate store:


enter image description here


It seems to show only 46 trusted root certificates from about 20 organizations. Furthermore, there are only a handful I don't recognize and the infamous Hong Kong Post Office is nowhere to be seen.


My questions are:




  1. Is there some other stash of trusted root certificates that Windows and browsers are relying on?




  2. Are there other systems or versions that have/had a much longer list of trusted root certificates?




  3. Did Windows ever trust the Hong Kong Post Office root certificate by default?







Aucun commentaire:

Enregistrer un commentaire