
> I can run free, untrusted HTTPS easily using self-issued certificates.

At present you can. But think about what conditions might lead to free issuance faltering: it will almost certainly boil down to pressure from governments. And do you think that such governments will lightly allow you to bypass their measures? No; once the dust settles, no technical measures will be effective: the end result will be mandatory interception of all traffic, with TLS proxying and similar, and any other traffic blocked. Countries have even done this at times, requiring anyone who wants to access the internet to install their root certificate.

The internet is designed to be comparatively robust against sociopolitical attack, but if a sufficiently powerful government decides to concertedly attack the internet as we know it, the internet will not win the conflict.

> I don't know HTTP/3 at all, but if it is more tightly tied to CA infrastructure that is a problem.

As clarified elsewhere in this thread, HTTP/3 changes absolutely nothing about certificate verification; superkuh appears to have misunderstood the meaning of the text in the spec.



