Hacker News

This feature would not be better if the sewer vampires that run the SSL CAs got to control it.


What moral argument are you using where Apple comes out on top and SSL CAs don't?


Is that a serious question?

Here, let's try just one response and you just (safely) assume that it stands in for a myriad of other similarly horrible issues:

Likelihood that Apple will sell its CA root key to an unnamed Fortune 500 company under NDA to make some kind of software rollout problem simpler for them at the expense of the security of every Mac computer in the world? Zero.

Likelihood that an SSL CA will, after sucking the intestines out of a freshly killed puppy dog using its razor sharp SSL CA proboscis, sell its CA root key to an unnamed Fortune 500 company under NDA to make some kind of software rollout problem simpler for them at the expense of the security of every Mac computer in the world? Not zero. Not close to zero.


1. Will it prevent Apple from controlling which software runs on Macs? Yes.

2. Will the code signing scheme be more vulnerable to malware because of the third-party CA? _____ (fill in)


   2. ___ YES ___


I agree. But it's still better than letting Apple be the only CA. Would you like to have a single CA for TLS?


Huh? It is the opposite of better.



