Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

>it would be a grave error to issue an IP cert without active insight into BGP

Why? Even regular certs are handed out via IP address.



> why we are wasting so much time on utterly wrong TOFU authorization? If you are supposed to have an establishable identity I think there is DNSSEC back to the registrar

They retire challenges that were once acceptable. What happens if they require a real chain of trust? They retire http and domain names keep working on DNS/DNSSEC.

Making IP with only http challenges is going backwards.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: