Hacker News
by Nimi 3768 days ago
Fascinating. I still feel I'm missing something basic here: If Microsoft, Google and Mozilla announce they're not going to accept any particular crypto primitive two years from now, and this time there won't be any exceptions, CAs and websites just have to abide, don't they?
2 comments

The browsers say what they accept, the server says what it provides and something in the intersecting set will be used.

If (as a random example that didn't annoy me at all for 2 years) a website also needs to support SmartTV devices which only accept obsolete certificates then your server has to either break them or not.

Then a bunch of big companies announce they'll use another browser to be able to keep using it.
Another browser besides Chrome, Firefox and IE? OK, so Symantec announces that they will only use Opera. Even then, they have to deal with their customers, website operators who need a certificate trusted by the big 3 browsers, leaving. In fact, now that Let's Encrypt certificates are free, it seems like this is the Symantec CA's worst nightmare.
Not CAs, but clients like banks.