
That's what we meant. IIRC you can't even use a self-signed certificate directly for authentication: you have to create your own self-signed root CA, then use it to sign your authentication certificate.

The point is, if what you do interests the US government, it can compel Verisign and the like to betray your trust, so you shouldn't trust them. And what emerges progressively is that the threshold beyond which you're deemed "interesting" by US administrations is way lower than long believed.

If you're a company doing international business, you want to secure your strategic communications with your own root CA, not with that of a company who can't say no to the government.
