Ask HN: How do distributed certificate authorities (eg tack) handle Heartbleed?
With the announcement of the Heartbleed vulnerability, a lot of domains are getting a new set of SSL certificates in a short period of time. This seems to be a pretty straightforward process given the centralized nature of certificate authorities. Request/install a new cert. Have the old certificate revoked.
How does something like [Tack](http://tack.io/), which aims to replace traditional centralized certificate authorities with a distributed trust network, handle the case of mass revocation? Since so many certificates in the wild would have a really low trust metric around the same time, it seems like the opportunity would be there for an attack.
0 comments
[ 2.1 ms ] story [ 12.4 ms ] threadNo comments yet.