If CNNIC decides it wants to rent out their trust bits like this, they need to r... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		0x0 on March 23, 2015 \| parent \| context \| favorite \| on: Maintaining Digital Certificate Security If CNNIC decides it wants to rent out their trust bits like this, they need to realize they are putting their trust on the line. Any actions performed by sub-CAs under their trust authority should be their responsibility. They need to re-evaluate if taking money to rent their CA bits is worth the stakes. The alternative is that it's a free-for-all for everyone in the trust store. Cash in selling sub-CAs and shrug if they get caught? Really?

jlgaddis on March 24, 2015 [–]

> Cash in selling sub-CAs and shrug if they get caught? Really?

With the exception of DigiNotar [0], what has happened to any of the other CAs that had "security issues"?

[0]: https://en.wikipedia.org/wiki/DigiNotar

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact