Hacker News new | past | comments | ask | show | jobs | submit login

> We also have to trust whoever controls the crypto-js project and the people running googlecode.com.

And every router between them and googlecode.com (or whatever that resolves to in their DNS situation!)

The link is an HTTPS link so that's not true. You merely have to trust every CA.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact