If there was just one CA then there would be no CABforum and users would have no leverage. This is the situation in DNSSEC. I don't think it's that bad, as one can always run one's own . and use QName minimization, but still, com. and such TLDs would be very powerful intermediate CAs themselves. And yet I still like DNSSEC/DANE as you know, except maybe I'm liking the DANE+WebPKI combo more. And I don't fear "too few CAs" either because, the way I figure it, if the TLAs compromise one CA, they can and will compromise all CAs.
Well, it's u/LegionMammal978's novel take, I just riffed on it.
> Personally: I'm for anything that takes leverage away from the CAs.
You can automate trusted third parties all you want, but in the end you'll have trusted third parties one way or another (trust meshes still have third parties), and there. will. be. humans. involved.