Hacker News new | past | comments | ask | show | jobs | submit login

> Everything related to identity has effectively been delegated to domain registrars. TLS certs as envisioned by browsers are really only about proving that you have genuine control of a particular domain

Might as well just stick the certificate hash in a DNS record and forget about keeping a public consensus on universally trusted CAs.




Isn't this is what DANE is trying to do?


I'd forgotten the name, but yes it is. And I'd seen it dunked on for relying too much on the registrars being secure.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: