Hacker News new | past | comments | ask | show | jobs | submit login

And the CA that issues the cert will be flamed and possibly removed from Chrome/Firefox.

(Edit: If they are caught.)




Why would they be removed? If the CA correctly follows all of their procedures and approves a domain-validated cert, why punish them for approving what is a legitimate request?

If the CA is coerced into issuing a cert, however, I agree with you.


You’re right. I misunderstood the scenario we were discussing.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: