Y
Hacker News
new
|
ask
|
show
|
jobs
by
rentnorove
1652 days ago
Wouldn't you want to validate it for the time at which it was served? In which case you'd just an archive of the CA roots at the time.
1 comments
paxys
1652 days ago
And how do you verify that the CA roots are authentic?
link
notriddle
1652 days ago
The Hg history from Mozilla-Central?
link
paxys
1652 days ago
Sure but that's still a third party dependency. And then you have to verify that the Firefox source is authentic. My point is there's no way to have a fully self verifying archive.
link