undefined | Better HN

0 pointskebman5y ago0 comments

I don't get this. Clearly the contents is served by Google, and so they can do whatever they like with it. How is an end user going to know whether the message was signed before it was passed on or not?

0 comments

Sephr5y ago

> How is an end user going to know whether the message was signed before it was passed on or not?

Your web browser will show a scary warning and refuse to display the bundle if it's not correctly signed. Google is not going to fake signatures for other sites, as certificate mis-issuance would open up Google to legal consequences.

izacus5y ago

How does the end user know now that a file from cdn.cloudflare.com is actually coming from NYTimes when it loads and runs code on their browser?

j / k navigate · click thread line to collapse

0 pointskebman5y ago0 comments

0 comments

Sephr5y ago

> How is an end user going to know whether the message was signed before it was passed on or not?

izacus5y ago

How does the end user know now that a file from cdn.cloudflare.com is actually coming from NYTimes when it loads and runs code on their browser?

j / k navigate · click thread line to collapse