nationwide interception of Facebook & webmail login credentials in Tunisia

Nicholas Bohm nbohm at
Wed Jan 26 10:44:17 GMT 2011

On 26/01/2011 09:18, Mark Lomas wrote:
> Some years ago (probably in 2000) I persuaded a major bank to remove
> the majority of CA certificates from the key store of the browser they
> had deployed.
> The IT department regarded the change as a nuisance, but the Legal
> department understood the problem as soon as I showed them the list of
> CAs.
> May I conduct an informal survey? Who on this mailing list has not
> removed any of the CA certificates that were pre-installed by whoever
> supplied your browser?

I have removed none - I regard them as equally untrustworthy for all
practical purposes; I could not establish liability against any of them
since to do so would require me to provide evidence that they had failed
in the limited duties they assume under their applicable terms and
conditions, which would be impracticable.

Contact and PGP key here <>

More information about the ukcrypto mailing list