I am a dutch citizen and have a .nl domain. Yet, that does not mean I am ok with... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

rocqua on Oct 28, 2017 | parent | context | favorite | on: Public Key Pinning Being Removed from Chrome

I am a dutch citizen and have a .nl domain. Yet, that does not mean I am ok with the dutch government issuing invalid certificates for my website.

True, it's an improvement that only the dutch government can do this, and not the Hong Kong post office. On the other hand, it is a major downside that we are encoding the possibility of government dragnet surveillance.

In the end, certificate transparency logs will let me notice whenever anyone issues a certificate for my website.

lmm on Oct 29, 2017 [–]

> it is a major downside that we are encoding the possibility of government dragnet surveillance.

Quite the opposite; DANE makes it possible to have a TLD that opts out of giving national governments access to it. Most existing TLDs are controlled by governments, but that doesn't have to be how it is.

Consider applying for YC's Spring batch! Applications are open till Feb 11.
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact