|
|
|
|
|
|
by simias
3271 days ago
|
|
|
The parent makes the point that it's not necessarily the case since hacking any trusted CA (no matter the size) lets you generate certificates for anything. If letsencrypt was hacked today it could be used to generate a valid google.com certificate for instance, even though Google's certificate is normally issued by their own authority. It's a weakness of the current authority architecture really, trusting a CA is an all or nothing decision. If any of the authorities is compromised you're vulnerable until you remove the CA from your browser, regardless of the number of legit certificates it issued. |
|
|