by 5ilv3r 3104 days ago
This is how the system was meant to work. The irresponsibility of the centralized CA infra has been known for a little while now, and it's time to let the users see how shaky this trust model really is. Let them have certs that are actually made by the companies they trust instead of some stupid third party.

> This is how the system was meant to work.

No, not across all applications on your computer. This is not about using your own CA, it's about making other software use your CA. They could just issue an update to their software to trust their own certs instead of infecting the rest of the OS.

They could. That would be a bit tricky though since http libs usually use the shared system cert store.
This is nonsense (the tricky part), esp. when it comes to a software giant such as Blizzard. Virtually any ssl/https library allows custom certs that can be shipped along with the executable. It's awfully common to see clients (enterprise) with a trust-all keystore.
Any reasonable one would allow you to change the trust store or approach programmatically.
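The point debated above, as an added example that is not part of the thread or any commenter's code: a Go client that carries its own trust anchors instead of relying on a root installed in the OS store. The local test server and the function names `appClient`, `fetch` and `demo` are assumptions made for the illustration.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// appClient builds an HTTP client whose trust anchors are private to this
// process. A nil pool makes crypto/tls fall back to the OS certificate store.
func appClient(roots *x509.CertPool) *http.Client {
	return &http.Client{Transport: &http.Transport{
		TLSClientConfig: &tls.Config{RootCAs: roots, MinVersion: tls.VersionTLS12},
	}}
}

// fetch performs one GET and reports only whether the TLS exchange succeeded.
func fetch(c *http.Client, url string) error {
	resp, err := c.Get(url)
	if err != nil {
		return err
	}
	return resp.Body.Close()
}

// demo starts a local HTTPS server with a constructed, privately issued
// certificate, then connects once with the system store and once with a
// pool that holds only that certificate.
func demo() (sysErr, bundledErr error) {
	srv := httptest.NewTLSServer(http.HandlerFunc(
		func(w http.ResponseWriter, _ *http.Request) { fmt.Fprint(w, "ok") }))
	defer srv.Close()

	bundled := x509.NewCertPool()
	bundled.AddCert(srv.Certificate()) // stands in for a CA file shipped with the app

	sysErr = fetch(appClient(nil), srv.URL)         // OS store: private cert is rejected
	bundledErr = fetch(appClient(bundled), srv.URL) // app-scoped pool: accepted
	return sysErr, bundledErr
}

func main() {
	sysErr, bundledErr := demo()
	fmt.Println("system store:", sysErr)
	fmt.Println("bundled pool:", bundledErr)
}
```

Verification stays fully enabled in both clients; only the set of roots changes, and nothing outside the process is modified.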
My argument was that centralizing trust as a service is unsustainable. That's all.
You appear to lack any authority or knowledge here because almost every part of your comment is completely wrong.
You've been posting a whole lot of comments that violate the guidelines. Could you please read them and start commenting civilly and substantively?

https://news.ycombinator.com/newsguidelines.html