I'm just wondering if this is dubious practice, considering that the OS vendor might not have been externally audited, for example about how safe the private key is, etc.
Are there any references to "rules" about stuff like this?
You think they are trustworthy enough for the rest of the operating system, why not the encryption? If they wanted a backdoor, they could easily add one anywhere.
For example, Apple has two CAs in Keychain Access, equally trusted as the other 161 more real CAs like Verisign (AOL is apparently trusted... didn't know that). I would guess that Apple went through the same process as the others, but I doubt it'll be confirmed publicly.