Hacker News new | past | comments | ask | show | jobs | submit login

The thing with certificate is that they not only add security, but they also act as a signature.

If Verisign deliver a certificate with the wrong domain, you'll be able to know that Verisign signed that certificate.

They could certainly say it was a mistake somewhere in the process, but that argument won't work for ever.

At one point sadly you need to trust someone. This model at least give you a way to prove that trust has been broken.

Applications are open for YC Winter 2020

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact