SSL Certificate Authorities

Browser development teams, both open source and proprietary, need to give their heads a shake when it comes to the CA list.

They seem to have forgotten that all Certificate Authorities are businesses first. For a website to get a certificate, its owner only has to pay a fee to any CA. To phrase it in plain English: Pay me n dollars and I’ll tell everyone that you are a good site to do business with. It is absolute stupidity to say that any Certificate Authority is, or can be, TRUSTED.

There is no oversight on the activities of the CAs. Without a body able to REVOKE a CA’s operations, there is nothing to make them do anything to validate the information, business reputation especially, of those who want a certificate from them. As long as the situation remains the same, any web browser development team that includes a list of “Trusted” Certificate Authorities should be held legally liable for any damages that end users suffer from shady website operators. Make the end user have to accept the certificate for the website; then it was by their choice that they trusted the site owner. Currently, because the CA list exists, end users are NOT being reminded that they are risking confidential data that can cost them thousands to a website and company they would most likely never be able to get recompense from. That company may not be in the same part of the world as the end user, making the end user unable to even try to get their money back through legal process. [ After all, who can afford to fly to China* to try to sue a company for the money they stole? ]

So, a list of trusted Certificate Authorities is actually an extreme disservice to the end user, and is not a nice thing for any software to have. With no oversight and enforcement body, there is not one single CA that can honestly be called “trusted”.

* China is only used as an example of a difficult journey and a drastically different legal system. I am not saying that all companies in China, or even that any companies there, would or do engage in such illegal activities.
