Hacker News new | past | comments | ask | show | jobs | submit login

It's naive to think you can scale the web we have today on web of trust. If you didn't know, Google Chrome ignores to a large extent the whole certificate revocation infrastructure because it's slow and it has privacy issues[0]. How would things work if you would check every single web request you make against the web of trust? Your peers would know every site you visit, or worse, a notary for your trust would know every site you visit. PKI works because the check is local and based on time and cryptographic signatures.

[0] https://en.wikipedia.org/wiki/Online_Certificate_Status_Prot...




OCSP stapling solves the privacy issues IIRC.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: