If you create an account on happykittens.com, you don't really care if the cert ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		y0ghur7_xxx on Aug 15, 2008 \| parent \| context \| favorite \| on: Mozilla SSL policy bad for the Web If you create an account on happykittens.com, you don't really care if the cert happykittens.com is sending you is signed by a trusted CA. What you care about is that the second time you visit the site, when you log in with your brand new account, that the cert the site sends you is the same you received when you created the account (the site is the same you created the account on). This has nothing to do with the fact that the cert is signed from a trusted CA or not, and thus, making it difficult for the user to accept a SS cert is not the right solution IMHO.

tptacek on Aug 15, 2008 [–]

Key continuity is a fine answer to this problem. Just come up with a way to provide it on every device every user might reasonably want to log in from, for every site on the Internet.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact