8 comments

[ 4.3 ms ] story [ 31.5 ms ] thread
(comment deleted)
Somewhat discussed here in this earlier submission: https://news.ycombinator.com/item?id=40812833
Thanks, I wanted to submit that url earlier but thought this one provided more information.

I should have checked if it was already submitted.

Comments moved thither. Thanks!
The trust process used for the CA roots is fascinating. There's huge trust involved in selecting a CA, and there's a strong desire to use fair selection methods, but browsers act like external auditors, using policy and incident tracking to track behaviors.

A year back I wrote a blog post about other CAs that lost trust: https://alexsci.com/blog/ca-trust/