undefined | Better HN

0 pointskuschku9y ago0 comments

There is a public exception process to handle SHA1 certificates, and for the rest, they get special certificates of old root certificates that are only on older devices.

Obviously, all these options are not available to anyone except a handful of large companies.

0 comments

1 comments · 1 top-level

0x09y ago

That's at best off topic again. We're discussing the actions and trustworthyness of a currently trusted root CA here.

Edit: The exception processes also do not involve fraudulently backdating anything. Which is kind of a big deal when you are in the trust business.

j / k navigate · click thread line to collapse