undefined | Better HN

0 pointsjruohonen2y ago0 comments

Indeed: the goals are justifiable and very much welcome, in my opinion. Yet, I do not understand what CAs and the global TLS/PKI ecosystem have to do with the goals.

0 comments

Jensson2y ago

> Yet, I do not understand what CAs and the global TLS/PKI ecosystem have to do with the goals.

Technically that is also digital signing. The regulators probably thought that all kinds of digital signing should be included in this bill and just slapped something down for browsers while they were at it.

g_p2y ago

My guess is that someone saw the value (rightly) in being able to do "good" digital signatures on the web (better than docusign in terms of integrity/proof), and that meant (in their head) those certificates have to work in the web browser.

Which, if you don't understand web trust and PKI, means a bit of searching online will tell you that you need your browser to trust the CAs you use for digital signatures.

Which is of course not true - you can (and should) present an "untrusted" (i.e. not a server authentication) certificate as your client certificate or for signatures, as there's different trust bits and use-cases for different kinds of certificates.

j / k navigate · click thread line to collapse

0 comments

Jensson2y ago

> Yet, I do not understand what CAs and the global TLS/PKI ecosystem have to do with the goals.

g_p2y ago

Which, if you don't understand web trust and PKI, means a bit of searching online will tell you that you need your browser to trust the CAs you use for digital signatures.

j / k navigate · click thread line to collapse