
Because taking money to issue certificates sets good incentives...


Well, I’d say the most valuable data is generally TLS-protected. E.g. Gmail, Outlook.com, Dropbox, etc. I sure would like to see even better TLS adoption rates than what the web currently has, but I don’t think that we should compromise the trustworthiness of the certificates in order to achieve this goal.

What makes the CA-issued certificates trustworthy is that they are in fact verified to belong to the legitimate owner of the domain. Doing the verification and maintaining the CA’s infrastructure is not free so I don’t think it’s very surprising that the vendors charge for their service.


"What makes the CA-issued certificates trustworthy is that they are in fact verified" ahahaha good one.

You should read about the history of Certstar, the Comodo RA. Why take money, expend resources to verify the information and issue the certificate when you can shortcut the verifications...

No matter how you look at it, the CA system is full of perverse incentives...



