Hacker News new | ask | show | jobs
by Avamander 134 days ago
Not forbidden, just not going to be a part of WebPKI.

It's one of those things that has just piggybacked on top of WebPKI and things just piggybacking is a bad idea. There have been multiple cases in the past where this has caused a lot of pain for making meaningful improvements (some of those have been mentioned elsewhere in this thread).
1 comments
xg15 134 days ago
What exactly do you mean with "WebPKI"?

The PKI system was designed independently of the web and the web used to be one usecase of it. You're kind of turning that around here.

link
mcpherrinm 134 days ago
The current PKI system was designed by Netscape as part of SSL to enable secure connections to websites. It was never independent of the web. Of course PKIs and TLS have expanded beyond that.

"WebPKI" is the term used to refer to the PKI used by the web, with root stores managed by the browsers. Let's Encrypt is a WebPKI CA.

link
Avamander 134 days ago
The idea of a PKI was of course designed independently, there are many very large PKIs beyond WebPKI. However the one used by browsers is what we call WebPKI and that has its own CAs and rules.

You're trying to make it sound like there has ever been some kind of an universal PKI that can be used for everything and without any issues.

link
bawolff 134 days ago
> What exactly do you mean with "WebPKI"?

WebPKI is the name of a specific PKI system, where PKI us a generic term for any PKI.

link