Certificate Root Stores: An Area of Unity or Disparity?
This paper addresses security and trust issues for users and organizations relying on digital certificates, but it is incremental, as it analyzes existing disparities without proposing a new solution.
The paper examines the lack of consensus in certificate root store inclusion and trust policies among major organizations like Apple, Microsoft, Mozilla, and Google, highlighting alarming disparities, particularly in government-owned certificates.
Organizations like Apple, Microsoft, Mozilla and Google maintain certificate root stores, which are used as trust anchors by their software platforms. Is there sufficient consensus on their root-store inclusion and trust policies? Disparities appear astounding, including in the government-owned certificates that they trust. Such a status quo is alarming.