Skip to content
Better HN
Top
Best
Ask
Show
New
Jobs
Search
⌘K
0 points
mikeash
11y ago
0 comments
Save
Share
What about every other certificate issuer, whose up-front fees incentivize companies to not encrypt data in the first place?
0 comments
2 comments · 1 top-level
top
newest
oldest
clinta
11y ago
· 1 in thread
Not encrypting is better than not revoking a compromised certificate. A compromised certificate gives the user the impression that the connection is secure when it's security is compromised. A plaintext connection makes no false claims.
mikeash
OP
11y ago
In which case if you don't want to pay for revocation, you could just revert back to an unencrypted connection.
j
/
k
navigate · click thread line to collapse
