Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Certificate authorities are the (shaky af) basis of the entire trust chain of the web.

Because its root certificate is in everybody's CA bundle, StartCom had a moral responsibility to understand the security around this product. This is negligence.

I don't have any StartCom certificates right now, but I sure won't have any in the future after this display.

What would a "CA death penalty" look like? They're a "root" CA, is there an entity that signed their root certificate that could issue a revocation? Or would we have to get all the OS and browser vendors to agree to phase out their root after some time?



> Or would we have to get all the OS and browser vendors to agree to phase out their root after some time?

Yup.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: