I think Ted Unangst makes a pretty good point about this: Their job should be to verify if person X is who they say they are, not verify that their activities are legitimate. I don't like the CA...
Everyone is focused on google, but it seems to me the core problem is let’s encrypt. It’s a perversion of the certificate model that they should be checking for malware at all. The cert verifies the domain name, not that the content is organic shade grown goodness. This shouldn’t be happening even if they are hosting malware.
Their job should be to verify if person X is who they say they are, not verify that their activities are legitimate.
I don't like the CA model; while I get that fundamentally if you want convenience, there has to be trust somewhere, but the current model just seems like the wrong way about it.
I think Ted Unangst makes a pretty good point about this:
Their job should be to verify if person X is who they say they are, not verify that their activities are legitimate.
I don't like the CA model; while I get that fundamentally if you want convenience, there has to be trust somewhere, but the current model just seems like the wrong way about it.