Hacker News new | past | comments | ask | show | jobs | submit login

So perhaps that's an issue with the UI not clearly showing which CA is verifying the identity, and alerting you clearly if an encrypted email is using a different CA than prior ones.

Depending on the client you're using, it shouldnt be too hard to prune the trusted CA list to only include providers you choose to trust. If you want, only include your CA and remove all others.




So instead of PGP - which is already quite daunting, mind - the user now get to assess the security of 200+ CAs, most of which they've never heard of?


You're right, this wouldn't make a lot of sense for most users.

But this would be useful in a corporation where it's possible to centrally manage CA lists for approved applications.




The deadline for YC's W25 batch is 8pm PT tonight. Go for it!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: