Browser Certificate Stores and QWACs (infosec.pub)

submitted 10 months ago by MSgtRedFox@infosec.pub to c/cybersecurity@infosec.pub

1 comments fedilink hide all child comments

Let's talk about root certificate management and the EU proposed QWACs.

Steve Gibson of the security now podcast weighed in with opposition to the EUs proposed QWACs certs and cited a few other prominent figures also expressing opposition.

Paragraphing their concerns, they proposed that mandating a bunch of new CAs introduced more risk and greater opportunity for abuse or compromise. Steve favors less CAs also being in favor pruning out most, but 6 or 7.

At the moment, I don't care for browsers having their own certificate stores, as I would rather use the OS which I would use group policy for windows or use an automation tool for Linux.

I am also in favor of pruning out certs, though I've never tested that in an enterprise.

Does your organization allow non OS certificate stores?

Does your organization prune out default root certs?

How do you feel about the proposed QWACs?

top 1 comments

sorted by: hot top controversial new old

[-] satanmat@lemmy.world 2 points 10 months ago

This is something I want to discuss at work.

I think I’d feel better about only having the minimum number of certs.

this post was submitted on 09 Jan 2024

4 points (100.0% liked)

cybersecurity

3316 readers

24 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Community Rules

Be kind
Limit promotional activities
Non-cybersecurity posts should be redirected to other communities within infosec.pub.

Enjoy!

founded 1 year ago

MODERATORS

shellsharks@infosec.pub

tweedge@infosec.pub