Hacker News new | past | comments | ask | show | jobs | submit login

Being able to pay isn't a very good barrier. Being broke doesn't mean having no meaningful content, and most attackers who can make serious MitM attacks can pay. CAs are supposed to have real barriers (and I think most of them do).

In this case, though, we don't need a CA. PG could publish the key in an essay and we'd just carry it through manually.




The point of collecting payment for certificates is not that attackers can't afford it, but that it enables the CA to do some cursory verification, and creates a trail of evidence if the certificate is used for a scam later.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: