I have a long list of Certificate Authorities, many of which are overseas, e.g. Netherlands, Turkey, China, and many others. Should I delete them?
I have a long list of Certificate Authorities (about 280), many of which are overseas, e.g. Netherlands, Turkey, China, and many others that are unknown to me. They do not appear to be related to any websites I visited. Are my emails compromised in terms of privacy? Should I delete them? Why do I need so many certificate authorities?
Tất cả các câu trả lời (2)
You may need them to connect to a server using an encrypted connection. You may have a similar list in your browser too.
Within Europe, apparently local systems might well be hosted abroad (i.e. in other European countries), so a broad brush removal of anything you consider irrelevant could have unintended consequences.
Sure delete them... but when you get email or try and open a web page that has a certificate from them you will not be able to open the mail or the web page without issues or making manual decision to trust the authority in question. The geographical location of the certifying authority is of no relevance.
The now defunct Mozilla Messaging used a certifying authority in Israel for it's certificates (Start) so if someone had deleted that from their settings in a fit of xenophobic housekeeping they would not have been able to open their web sites or read mail from their employees without problems.
Certifying Authorities form a chain of trust. They on the whole certify one another, but at the top of the certification pyramid/s there most be someone or group of someones who the program simply "trusts" to certify. Hence programs have a long list of pre approved companies that are allowed to issue certificates. These lists are constantly updated and should there be a serious security issue such as one of the authorities being compromised. The people at Mozilla will update or revoke that authorities trusted status.