by nisegami 1251 days ago
>Nothing about TLS certificates is centralized

You're right that there are additional ACME providers, but the reliance on just a handful of default root cert stores is what makes HTTPS centralized, even if TLS isn't.

1 comments

Most big apps bundle their own certificates/certificate authorities for cert pinning already. They can switch to their own CA system any time.

Sadly, DANE has failed because DNSSEC has failed on the American market. Hopefully we'll find an alternative for these protocols in the future.