
If a CA is compelled to issue a false certificate by court order, this destroys their credibility completely. If I ran a CA, I'd rather face the consequences, and let the court ask another listed CA, rather than destroy my entire business model.


Watch what happens when we find out which CAs did this. My money is on "they do not go out of business". Give it a few months.


CAs must be audited and have a certification to be accepted in the major browsers (something like WebTrust). If anyone did this, they would lose that certification immediately and then they'd be out of business because their root CA would be revoked from Windows/Firefox/Mac OS.

The question is how WebTrust would treat this type of theoretical issue.


Especially with Americans' newfound willingness to accept overreaching law enforcement measures. So long as one of the right trigger words (terrorism, children) is used, the average purchaser of certificates won't blink at the idea that law enforcement completely subverted the chain of trust that enables their customers to believe they are dealing with who it says on the certificate.


Court order?

Your argument might make sense if it was law enforcement making the request. But do you really think companies should ignore court orders?


Can a court order you to commit a fraud?


Yes. Courts can also order you to destroy property, breach (most types of) confidences, alienate people from money in their accounts, etc., etc., and lie about doing all of the above.


Source?


There's a difference between fighting court orders and ignoring court orders.



