Comment by treebeard901

Comment by treebeard901 a day ago

It is also a lot easier since certificate pinning has fallen out of favor. Many sites use LetsEncrypt. The Certificate Authority system itself is not reliable.

In a way it is the perfect solution from a Govt perspective. Other countries have systems at this scale and larger. China for example.

yencabulator 18 hours ago

What makes the CA system reliable is browsers insisting on Certificate Transparency before trusting a cert. If an attacker creates an evil cert by stealing the ACME verification traffic, there's a permanent record of it. Big corps can monitor the ledger to see what certs have been handed out to their domains.
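
The monitoring described in the reply above, as an added example that is not part of the thread or any commenter's code: a domain owner compares certificates seen in Certificate Transparency logs against its own issuance inventory and flags the ones it never requested. The `CTEntry` record layout, the fingerprints, issuer names and domains are all constructed for illustration; fetching entries from a real log is out of scope here.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class CTEntry:
    sha256: str        # certificate fingerprint (constructed placeholder)
    issuer: str
    dns_names: tuple   # SAN entries as they appear in the logged certificate
    logged_at: str

def covers(san, watched):
    """True if a logged name is the watched domain, a subdomain of it, or a wildcard under it."""
    san = san.lower().rstrip(".")
    watched = watched.lower().rstrip(".")
    if san.startswith("*."):
        san = san[2:]
    # Suffix match on a label boundary, so "example.com.evil.test" does not match.
    return san == watched or san.endswith("." + watched)

def unexpected_certs(entries, watched_domains, known_fingerprints):
    """Logged certs naming a watched domain that the owner's issuance inventory lacks."""
    findings = []
    for e in entries:
        hits = sorted({w for w in watched_domains for s in e.dns_names if covers(s, w)})
        if hits and e.sha256 not in known_fingerprints:
            findings.append((e.sha256, e.issuer, hits))
    return findings

# Constructed sample data: log entries as a monitor might have collected them.
ENTRIES = [
    CTEntry("aa11", "Example CA 1", ("www.example.com",), "2024-01-02T10:00:00Z"),
    CTEntry("bb22", "Example CA 2", ("*.example.com", "example.com"), "2024-01-03T04:12:00Z"),
    CTEntry("cc33", "Example CA 2", ("example.com.evil.test",), "2024-01-03T05:00:00Z"),
    CTEntry("dd44", "Example CA 3", ("login.example.org",), "2024-01-04T09:30:00Z"),
]
WATCHED = {"example.com", "example.org"}
KNOWN = {"aa11"}   # fingerprints of certs the domain owner actually requested

if __name__ == "__main__":
    for sha, issuer, hits in unexpected_certs(ENTRIES, WATCHED, KNOWN):
        print(f"ALERT unexpected cert {sha} from {issuer} for {hits}")
```

The comparison is against an inventory of requested certificates rather than an issuer allowlist, so a certificate obtained from the owner's usual CA without the owner's involvement still raises an alert.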