Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
tptacek
on Dec 18, 2022
|
parent
|
context
|
favorite
| on:
Let's Encrypt now supports ACME-CAA: closing the D...
No, they’re not. They’re only possible in the Web PKI because of the coercive power the browser root programs have over CAs. No such influence exists in the DNS.
Mozilla will dis-trust your CA if you try to evade CT. It can’t revoke .io.
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
Mozilla will dis-trust your CA if you try to evade CT. It can’t revoke .io.