Hacker News new | past | comments | ask | show | jobs | submit login

FWIW PKI tends to mean a central point of failure. Some Russian organizations can't get TLS certificates because of sanctions.



Pki here does not mean a global CA. You can run your own CAs (and should).


Since only two parties are involved, why not use the easier pre-shared key system in that case?


For the many reasons I listed. Pre sharesd keys are almost always global and you can’t do forensics to find the leak.


You can cross trust and establish alternative trust paths in PKIs




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: