by wtbob 3776 days ago
> It's not the CA's job to make sure your domain isn't expiring. It's yours.

Really? In the simplest case, their entire job is certifying that the holder of the private key is the holder of the domain name[1]. That begs the question, of course: how is it that we trust every single CA to certify every single domain? Why don't we trust the issuer of each domain hierarchy to certify only those domains it's permitted to issue?

The entire XPKI is broken, broken, _broken_.

[1] In the more complex case, of course, they certify that the keyholder is some external entity.