undefined | Better HN

0 pointsteddyh2y ago0 comments

Those non-web CAs are not the topic of discussion, though. When we are discussing the DNSSEC PKI, we are not discussing any altroots¹. When people are discussing the CA system for TLS, they overwhelmingly mean the normal web CAs.

1. https://en.wikipedia.org/wiki/Alternative_DNS_root

0 comments

tptacek2y ago

"The normal web CAs" means "the Mozilla and Chrome root programs". There are other CAs, and some of them are even in the root stores of other browsers, but they're not "trusted" in the sense you meant upthread.

j / k navigate · click thread line to collapse

0 pointsteddyh2y ago0 comments

1. https://en.wikipedia.org/wiki/Alternative_DNS_root

0 comments

tptacek2y ago

j / k navigate · click thread line to collapse