Re: Trust and CA's
I have no business with the CA and trust it less than I trust my bank, so why should the CA be in a position to tell me whether my bank's certificate can be trusted?
The idea is that the CA's are so well-known and so universally trusted that the trust is implicit.
If a CA ever did anything that showed it to be untrustworthy then that implicit trust would be withdrawn and they would cease to be trusted by default as a CA.
... which is what's happening here.
I say "by default", above, because the fact that the CA's root certificate isn't handed to you as a de facto default, trusted, certificate doesn't stop you adding it to the browser's certificate store yourself.