tptacek 4 days ago

I suggest you buy products from vendors who care about the modern WebPKI. I don't think the browser root programs are going to back down on this stuff.

nickf 4 days ago | parent | next [-]

This. Also, re-evaluate how many places you actually need the public trust that the WebPKI offers. So many times it isn't needed, and you make problems for yourself by assuming it does. I have horror stories I can't fully disclose, but if you have closed networks of millions of devices where you control both the server side and the client side, relying on the same certificate I might use on my blog is not a sane idea.

whs 4 days ago | parent | prev | next [-]

Agree. My company was cloud-first, and when we built the new HQ, buying Cisco gear and VMware (as they're the only stack several implementers are offering) felt like we were sending the company 15 years backwards.

zephius 4 days ago | parent | prev [-]

I agree, and we try; however, that is not a currently widely supported feature in the boring, industry-specific business software/hardware space. Maybe now it will be, so time will tell.

ignaloidas 3 days ago | parent | next [-]

Hey, you now have a specific cost to point to when arguing for/against solutions that have this problem. "Each deployment will cost us at least 12 specialist hours per year just replacing the certificates" is a non-negligible cost that even the least tech-minded people will understand, and it can be a good lever for requiring the support.

ikiris 3 days ago | parent | prev [-]

Reverse proxies exist. If you don't like having to do that, then have requirements for standards of the past 10 years in your purchasing.
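As an added illustration of the two suggestions in this thread (nickf's point that a closed network does not need public trust, and ikiris's point that a reverse proxy can front gear that cannot renew its own certificate), here is an nginx configuration that is not from any commenter. It terminates a short-lived public certificate on the proxy and verifies the legacy appliance behind it against a private CA; the hostnames, paths and backend address are placeholders.

```nginx
# Added example, not part of the thread: public TLS termination in front of
# a legacy appliance that cannot automate its own certificate renewal.
# Hostnames, file paths and the backend address are placeholders.
server {
    listen 443 ssl;
    server_name appliance.example.com;

    # Short-lived public certificate lives only on the proxy, where an ACME
    # client can renew it unattended; the appliance never sees it.
    ssl_certificate     /etc/letsencrypt/live/appliance.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/appliance.example.com/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;

    location / {
        # The appliance keeps its own long-lived certificate issued by a
        # private CA you control. Verify that hop explicitly rather than
        # disabling verification, so the inside leg is still authenticated.
        proxy_pass https://10.0.0.10;
        proxy_ssl_verify on;
        proxy_ssl_trusted_certificate /etc/nginx/private-ca.pem;
        proxy_ssl_name appliance.internal;
        proxy_ssl_server_name on;
        proxy_set_header Host $host;
    }
}
```

The design choice here is that the renewal cadence imposed by browser root programs only touches the proxy, while the appliance stays on a private trust root whose lifetime you set yourself; `proxy_ssl_verify on` with a pinned private CA is what keeps the second hop from becoming an unverified connection.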