undefined | Better HN

0 pointssupriyo-biswas2y ago0 comments

CA changes can happen due to many legitimate regions. Pinning certificates in this way doesn’t scale, as we saw with the deprecation of HPKP.

0 comments

Jensson2y ago

All you need is a list of trusted CA's, like we do right now, and then issue a warning if it isn't on that list. It is a very simple plugin to make.

g-b-r2y ago

These certificate authories will also issue legitimate certificates btw, the regulation explicitly encourages local states to use them for their services

j / k navigate · click thread line to collapse

0 comments

Jensson2y ago

All you need is a list of trusted CA's, like we do right now, and then issue a warning if it isn't on that list. It is a very simple plugin to make.

g-b-r2y ago

These certificate authories will also issue legitimate certificates btw, the regulation explicitly encourages local states to use them for their services

j / k navigate · click thread line to collapse