Hacker News new | past | comments | ask | show | jobs | submit login

> I am tired that everyone provides very limited certificates trust management capabilities, like either certificate or SPKI pinning with TOFU. Even my beloved Xombrero browser still pins only the whole certificate, but its public key would be much more sufficient and convenient to work with.

Eh, a public key plus information about its validity (date, subject) is a certificate? So when you "pin" a key to a domain, you've effectively made a (non-standard) certificate that you explicitly trust?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: