
Symantec alone owns 42+% of all the HTTPS certificates. Can you imagine a browser willing to break 42% of all the secure sites for their users? Even if you know a CA isn't very trustworthy, the situation needs to get really out of hand to outweigh the problem of having thousands of sites stop working.

That's why the Convergence/Perspectives proposals are so interesting: they let you remove trust on a provider ("Notary") without breaking the process.
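As an added illustration of the point above (example code, not from the thread or from the Convergence/Perspectives projects): a notary quorum check where dropping a notary merely shrinks the set consulted, beside the CA model where dropping an issuer breaks every site it signed. Notary names, certificates and issuers are constructed placeholders.

```python
import hashlib

def fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint of a certificate's DER bytes, as a notary would record it."""
    return hashlib.sha256(cert_der).hexdigest()

# Constructed sample data: hypothetical notaries and certificates, not real ones.
SITE = "example.test"
GOOD_CERT = b"constructed DER for example.test, key 1"
MITM_CERT = b"constructed DER for example.test, attacker key"

# What each notary reports having observed for the site from its own vantage point.
OBSERVATIONS = {
    "notary-a.invalid": {SITE: fingerprint(GOOD_CERT)},
    "notary-b.invalid": {SITE: fingerprint(GOOD_CERT)},
    "notary-c.invalid": {SITE: fingerprint(GOOD_CERT)},
    "notary-d.invalid": {SITE: fingerprint(MITM_CERT)},  # disagreeing (or compromised) notary
}

def notary_check(site, presented_der, observations, trusted_notaries, quorum):
    """Perspectives-style check: accept the presented certificate only if at least
    `quorum` trusted notaries independently observed the same fingerprint."""
    fp = fingerprint(presented_der)
    responding = [n for n in trusted_notaries if site in observations.get(n, {})]
    agreeing = sorted(n for n in responding if observations[n][site] == fp)
    return len(agreeing) >= quorum, agreeing

def distrust_notary(trusted_notaries, notary):
    """Removing a notary only shrinks the set consulted; no site stops validating."""
    return frozenset(trusted_notaries) - {notary}

# Contrast: in the CA model, removing an issuer from the root store breaks every site it signed.
SITE_ISSUERS = {"example.test": "BigCA", "shop.test": "BigCA", "mail.test": "SmallCA"}

def sites_broken_by_distrusting_ca(site_issuers, ca):
    return sorted(site for site, issuer in site_issuers.items() if issuer == ca)

if __name__ == "__main__":
    trusted = frozenset(OBSERVATIONS)
    print(notary_check(SITE, GOOD_CERT, OBSERVATIONS, trusted, quorum=2))   # accepted, 3 agree
    print(notary_check(SITE, MITM_CERT, OBSERVATIONS, trusted, quorum=2))   # rejected, 1 agrees
    trusted = distrust_notary(trusted, "notary-d.invalid")
    print(notary_check(SITE, GOOD_CERT, OBSERVATIONS, trusted, quorum=2))   # still accepted
    print(sites_broken_by_distrusting_ca(SITE_ISSUERS, "BigCA"))            # two sites break
```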



The system doesn't have to be fair for it to be better. So Symantec and Verisign can use their clout to get around the rules. Fine. Let the system be unfair to the smaller CAs, and better for end-users.


Symantec and Verisign

Nitpick: Verisign isn't in the CA business anymore, Symantec bought it.

Let the system be unfair to the smaller CAs, and better for end-users.

But how is the system better for end-users? If a big CA fucks up, they're either at the risk of being MITMed or of having half their secure sites stop working. If no CA had more than, say, 10% of the market, a fuck up would only affect a small number of the sites they use.


Ah, shit, you're right about SYMC (I was actually scratching my head about how they were so dominant), thanks for pointing that out.

My logic is simple: fewer CAs selling the whole Internet trust scheme to the highest bidder = safer Internet.

If SYMC's CA is going to be above the law, so be it. We don't have to solve every problem simultaneously.



