Hacker News new | past | comments | ask | show | jobs | submit login

I think what everyone is missing in this argument is that, with certificate issuers like GoDaddy out there, identity is no longer certain.

At the speed that they turn around certificates, their really can't be much verification going on if any.




That's definitely true. Basic SSL hardly amounts to verification beyond the ability to find a valid credit card, yet browsers will accept the generated certs without a question.

To the OP's point, I'm perfectly happy to generate self signed certs, but I find that browsers make using them more inconvenient than necessary. That's the part that seems a bit conspiratorial to me. It wouldn't be hard at all to pop up a very clearly worded message "this is a self-signed certificate with fingerprint xxx, would you like to accept it [once] [every time]". Safari and Firefox aren't too far far from this, but I find chrome and IE to be obtuse at best.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: