There's little evidence to support this afaict. Certs generated using non-default Roots are limited to 825 days in validity, more than twice the limit for those generated using the defautl roots.
FWIW, a slight clarification here would be that the majority of TLS certificates are issued by CAs in the US, but the majority of CAs are not headquartered in the US.
Not just Safari, but all TLS connections instantiated on Apple OSes
I think this is the experience of a lot of people and good security folks are taking notice to try and help: https://blog.digicert.com/understanding-the-google-chrome-co...
Considering you can get much of this functionality from programs created by CAs (for example, https://www.digicert.com/cert-inspector.htm from my CA), this seems... way too expensive.
There's little evidence to support this afaict. Certs generated using non-default Roots are limited to 825 days in validity, more than twice the limit for those generated using the defautl roots.
FWIW, a slight clarification here would be that the majority of TLS certificates are issued by CAs in the US, but the majority of CAs are not headquartered in the US.
Not just Safari, but all TLS connections instantiated on Apple OSes
I think this is the experience of a lot of people and good security folks are taking notice to try and help: https://blog.digicert.com/understanding-the-google-chrome-co...
Considering you can get much of this functionality from programs created by CAs (for example, https://www.digicert.com/cert-inspector.htm from my CA), this seems... way too expensive.