Reply to post:

Google launches root certificate authority


Uhm, all root certs are self-signed.

And it's not the actual root cert that will be used for their sites. It'll be kept very much offline (HSM in a vault/safe, probably), or else they would be very much in violation of any established rules for CAs.

At most this will result in a shorter certificate chain. Usually CAs just sign a couple intermediary certs with their root and then use them to issue certs so a compromised cert will have less impact. Google could conceivably, if their organization allows it, actually sign the certs for their sites directly with the root.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019