Hacker News

They can do that because of domain-validated certificates, and they can do that after the DNS is secured.



And the CA that issues the cert will be flamed and possibly removed from Chrome/Firefox.

(Edit: If they are caught.)


Why would they be removed? If the CA correctly follows all of their procedures and approves a domain-validated cert, why punish them for approving what is a legitimate request?

If the CA is coerced into issuing a cert, however, I agree with you.


You’re right. I misunderstood the scenario we were discussing.


So isn't that a criticism of domain-validated certificates? This is a serious question. I haven't heard a compelling argument for how DNSSEC/DANE gives governments any more power than existing DNS delegation.


Domain-validated certificates do not require a new protocol, however.



