Hacker News new | past | comments | ask | show | jobs | submit login

It's more than that. The ensuing thread uncovered that Symantec had exercised very lacking oversight over their partners (called Registration Authorities, or RAs) who were allowed to perform certificate validation on Symantec's behalf.



...and at least one of those RAs didn't seem to be doing any validation at all!




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: