
Interesting note about public keys that are automatically trusted by proprietary operating systems, and the potential for abuse by foreign powers. Reminded me of the discussion a while back about how it's relatively easy to become a root certificate authority in Firefox. Everyday cryptography needs some serious revamping.

The UI for everyday cryptography needs some serious revamping.

It's not relatively easy to become a Firefox root CA, but too many people are, and part of the reason why is that your cert store configuration is buried deep in the "don't touch, no user serviceable parts" bowels of your configuration.

And how does one fix/change it?

This is a good point, and it is something that the authors of http://web.monkeysphere.info/ are trying to solve.

More info: http://web.monkeysphere.info/why/#index1h2

Because this project (sensibly) doesn't override X509 authentication, it does nothing to address the problem observed by the parent commenter, or for that matter the fever dream of the article we're commenting on.

Thankfully, it is very unlikely that anything like this would ever see widespread adoption, thus allowing us to sidestep the question of how it might work if they turned X509 off.
