[salawat]

The problem with that analogy is that the cert issuer isn't a mere component of the car, but the entire car in this instance. That cert being trustworthy is the entire point.

When I was in schooling getting filled in on Web of Trust, I about ground that particular day's class to a halt because I couldn't imagine the world was that cavalier on such a thing.

Lo and behold, I realized shortly afterward it absolutely was the case, and there was nada I could do to change it except figure out how to get normal people universally fluent and invested in basic cryptography so they could manage their own trust networks. You can imagine how well that's gone.

[JumpCrisscross]

> problem with that analogy is that the cert issuer isn't a mere component of the car, but the entire car in this instance

I'm critising OP for castiglating a bank employee for not knowing who their CA is. That's not something a line employee needs to know. And that's not the appropriate way to ask that.

If I want to know who issued HN's certificate, I don't e-mail a YC associate. I look at my browser and see it's Let's Encrypt.