Y
Hacker News
new
|
ask
|
show
|
jobs
by
supriyo-biswas
962 days ago
CA changes can happen due to many legitimate regions. Pinning certificates in this way doesn’t scale, as we saw with the deprecation of HPKP.
1 comments
Jensson
962 days ago
All you need is a list of trusted CA's, like we do right now, and then issue a warning if it isn't on that list. It is a very simple plugin to make.
link
g-b-r
962 days ago
These certificate authories
will
also issue legitimate certificates btw, the regulation explicitly encourages local states to use them for their services
link