
I don't consider a cert trustworthy just because it's signed by a CA, unless that CA is mine or one run by someone I personally know and trust. I came to this position before Snowden, though.



In the CA model, is anything 100% yours? A signed cert has to depend on someone you don't know.


> A signed cert has to depend on someone you don't know.

No, it doesn't. If it's signed by my own CA, then I clearly know who signed it. Likewise if it's signed by a CA run by someone else I actually know.

The point of the signing is to have someone I trust validate that the cert they signed is trustworthy even if I don't know the entity that made the cert they signed.


Unless it's self-signed. Presumably you do know yourself well enough?



