Perhaps you don't, but your computer does!

At this moment there are over a hundred Trusted Root Certifications Authorities in your browser or Operating System. Many of those don't mean anything to me.

When a Trusted Root Certification Authority is available in your browser or OS, you don't get any questions/pop-up that your entering a secured Internet connection. This means that the certificate was issued by someone trustworthy. Who decides who or what company is trustworthy?

I know most of the commercial SSL vendors like VeriSign, Thawte, Comodo, Equifax, Entrust, and Cybertrust. Those are the companies which sell most of the SSL certificates used on the Internet. But I haven't heard of Kozjegyzoi Tanusitvanykiado or IPS Seguridad. So do I want to trust certificates issued by them?

It would be nice if the browser had an extra message box (yes, another message box :-) ) to verify with the user if the CA should be trusted from this point on. This way the (pro-)user gets to decide if he wants to trust the CA (without the trouble of manually verifying the CA details on the CA website), and the basic user may rely on the recommendation from the OS/browser.

This way I can decide for myself if I want to trust some post-office in Japan or Germany.

Update on Wednesday, June 15, 2011 at 11:53 by Willem

only 4 years later the suggestion is picked up: http://www.imperialviolet.org/2011/05/04/pinning.html

Google will be the first to implement it in their Chrome browser.