Key points are not available for this paper at this time.
Organizations like Apple, Microsoft, Mozilla and Google maintain certificate root stores, which are used as trust anchors by their popular software platforms. Is there sufficient consensus on their root-store inclusion and trust policies? We measure disparities among their root stores, accounting for various aspects such as inclusion policies, delivery methods, trust context, and the certificates themselves. Disparities appear astounding, including in the government-owned certificates that they trust. We believe such a status-quo is alarming, and warrants more attention from the wider community.
Purushothaman et al. (Thu,) studied this question.