undefined | Better HN

0 pointsbawolff1y ago0 comments

> Issuing a Google certificate is a good way to get your whole CA killed.

Surely what happened here is a good way to get your CA killed? The linked bug seems pretty bad.

0 comments

Less clear on that. Bugs happen. I'm not an expert on browser root policies.

From what I understand one of the factors is how often things like this happen, and how well they handle it when it does.

agwa1y ago

Historically, singular domain validation bugs have not killed CAs.

j / k navigate · click thread line to collapse

Less clear on that. Bugs happen. I'm not an expert on browser root policies.

From what I understand one of the factors is how often things like this happen, and how well they handle it when it does.

agwa1y ago

Historically, singular domain validation bugs have not killed CAs.

j / k navigate · click thread line to collapse