undefined | Better HN

0 points1oooqooq1y ago0 comments

after you sold a .gov then any discussion about not supporting your root means denying users access to that .gov service.

0 comments

e63f67dd-065b1y ago

Many government websites use Entrust, and that didn’t stop this from happening. So I don’t think that this is a good theory.

lokar1y ago

CA roots are not connected to tlds

devrand1y ago

They’re saying that once you’ve sold certs to governments, distrusting that root will deny people access to government resources. They’re merely using “.gov” as a proxy for “some government”.

Also roots can be TLD constrained, typically to ccTLD(s).

lokar1y ago

But they are very carefully not breaking anyone. If you have an entrust cert it will keep working, you can even renew it with them.

j / k navigate · click thread line to collapse

0 comments

e63f67dd-065b1y ago

Many government websites use Entrust, and that didn’t stop this from happening. So I don’t think that this is a good theory.

lokar1y ago

CA roots are not connected to tlds

devrand1y ago

Also roots can be TLD constrained, typically to ccTLD(s).

lokar1y ago

But they are very carefully not breaking anyone. If you have an entrust cert it will keep working, you can even renew it with them.

j / k navigate · click thread line to collapse