
If certificates are broken then public key crypto is broken, because a trusted third-party certificate is necessary to prevent man-in-the-middle attacks, no?

No. The trust model of HTTPS was always broken from the start. This whole story "only" reinforces the point that key distribution and management is hard, and a central list of certificate authorities is not a good solution.

This story has exactly zero effects if you use some public-key system with different key management.

On the negative side, good systems don't really exist. On the plus side, this story might help push the development of good systems.
