undefined | Better HN

0 pointsgrey-area10y ago0 comments

Probably just that we're being told who to trust, instead of deciding who to trust.

0 comments

I guess we could have some kind of web of trust system instead. But are there any web of trust systems that actually work in practice?

Natanael_L10y ago

Allowing multisignature models would at least drop the single point of failures, by being able to require verification from multiple CAs. In combination with certificate transparency and DNSSEC+DANE it would add much stronger security.

gopowerranger10y ago

So you trust yourself more than everyone behind Let's Encrypt, et al? Of course, you don't have to use Let's Encrypt so you do have a choice.

grey-areaOP10y ago

I think the criticism was meant as one of the CA model, not Let's encrypt specifically - you have no choice about using CAs if you want to use https to serve a site to normal users. Also, I'm not the OP and think Let's Encrypt specifically is a great idea, already on the waiting list.

j / k navigate · click thread line to collapse