
What does https do that's different from verifying the cert chain and matching the cn to the hostname? Is this about the ill-conceived cert-pinning that pretends distributing keys for every domain is a scalable alternative to certificate authorities and on-line revocation lists?

An MTA-STS web server is also used for policy discovery, and the HTTPS requirement ensures that the policy is authentic.
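The policy discovery mentioned in the comment above, sketched offline as an added example (not code from either commenter or from any MTA). It follows RFC 8461; the function names and the `example.com`/`example.net` sample data are constructed for illustration.

```python
from dataclasses import dataclass

MAX_AGE_LIMIT = 31557600  # RFC 8461 upper bound for max_age, in seconds
# Constructed sample inputs (not taken from any real domain).
SAMPLE_TXT = "v=STSv1; id=20240101000000Z;"
SAMPLE_POLICY = ("version: STSv1\r\nmode: enforce\r\nmx: mail.example.com\r\n"
                 "mx: *.mx.example.net\r\nmax_age: 86400\r\n")

@dataclass
class Policy:
    mode: str
    max_age: int
    mx: list

def policy_url(domain):
    # Host and path are fixed by the spec, so the HTTPS certificate must be
    # valid for mta-sts.<domain>; that is what authenticates the policy.
    return f"https://mta-sts.{domain.lower().rstrip('.')}/.well-known/mta-sts.txt"

def parse_txt_record(txt):
    # Return the policy id from the _mta-sts.<domain> TXT record, else None.
    parts = (p.partition("=") for p in txt.split(";") if p.strip())
    fields = {k.strip(): v.strip() for k, _, v in parts}
    if fields.get("v") != "STSv1" or not fields.get("id"):
        return None
    return fields["id"]

def parse_policy(body):
    # Parse the key/value policy file; raise ValueError if it is unusable.
    single, mx = {}, []
    for line in body.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "mx":
            mx.append(value.strip().lower())
        elif sep:
            single.setdefault(key.strip(), value.strip())
    age = single.get("max_age", "")
    if single.get("version") != "STSv1" or single.get("mode") not in ("enforce", "testing", "none"):
        raise ValueError("unsupported version or mode")
    if not age.isdecimal() or int(age) > MAX_AGE_LIMIT:
        raise ValueError("missing or out-of-range max_age")
    if single["mode"] != "none" and not mx:
        raise ValueError("policy lists no mx patterns")
    return Policy(single["mode"], int(age), mx)

def mx_allowed(policy, mx_host):
    # A "*." pattern covers exactly one left-most label, as in the RFC.
    host = mx_host.lower().rstrip(".")
    parent = host.split(".", 1)[1] if "." in host else ""
    return any(parent == p[2:] if p.startswith("*.") else host == p
               for p in policy.mx)
```

The TXT record only signals that a policy exists and when it changes; the MX allow-list and mode come from the HTTPS-fetched file, and a sender in `enforce` mode then validates each MX certificate against a host that passes `mx_allowed`.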

