Hacker News new | ask | show | jobs
by gambler 2623 days ago
Clever. This means users won't be able to easily download software from websites not plugged into CA tree. One more step towards eradicating the ability of people to independently host websites altogether.

Increasingly, I see that the web no longer fulfills any of its original goals. On the other hand, if I look at it as a software delivery/execution platform I see a horrible mess that could have been designed a zillion times better if that was the goal to begin with.
2 comments
bigj0n 2623 days ago
Couldn't you add additional certificate authorities to your browser at will?

The CA system is decentralized by nature. If the existing authorities start trying to manipulate your internet by controlling who they verify, which hasn't really happened that I'm aware of, you can always add a new root certificate. Or consumer browsers can offer new CA roots out of box.

link
gambler 2623 days ago
The point isn't what you can do as a user. The point is that Google adds more and more hurdles to running a website without plugging into the CA chain.

CA chain is centralized. Plus, it requires you to have a domain name. DNS is also centralized (although to a somewhat lesser extent).

Effectively, we're seeing yet another step in hyper-centralization of the web.

link
ehutch79 2623 days ago
How many websites do you actually use don't have a domain name?

also, as above, there is no one root CA. you can add and remove any ca from your system. most users don't because why would you trust a random ca from some random site.

What's the actual problem here?

link
Crinus 2623 days ago
That i do not want some third party's permission to make my site and desktop applications available to everyone.

Note the one you asked, but i have the same issues with the certificate mafia.

link
denkmoon 2623 days ago
Getting modern browsers to accept your CA is a huge pain, different per browser and OS, and barely anyone will do it.

The moment anyone starts a community CA for this they'll just blacklist it.

link
Avamander 2623 days ago
Are you implying there aren't a lot of CAs to choose between?

How would you design it a "zillion times better"?

link