On Security Now! podcast #951, Steve told us that 7organizations in the PKI are responsible for minting upwards of 99% ofall existing certificates. (Possible original source.) His suggestion was that we can remove all CAs except for those 7 andstill be able to browse the web normally. I wanted to try that, so Idisabled almost all CAs in Firefox by hand (about:preferences#privacyand then “View Certificates…”). After allowing some other CAs that Iencountered on web sites and that I though...
