Remix clone Hacker News

lol no? lower cert times still extend the root certificates that are already trusted. It is not a noticeable thing when browsing the web as a user.

A MITM cert would need to be manually trusted, which is a completely different thing.

▲

Lammy 3 days ago | parent [-]

I think their point is that a hypothetical connection-specific cert would make it difficult/impossible to compare your cert with anybody else to be able to find out that it happened. A CA could be backdoored but only “tapped” for some high-value target to diminish the chance of burning the access.

	▲	woodruffw 3 days ago \| parent \| next [-]
		> I think their point is that a hypothetical connection-specific cert would make it difficult/impossible to compare your cert with anybody else to be able to find out that it happened. This is already the case; CT doesn't rely on your specific served cert being comparable with others, but all certs for a domain being monitorable and auditable. (This does, however, point to a current problem: more companies should be monitoring CT than are currently.)
	▲	roblabla 3 days ago \| parent \| prev \| next [-]
		Well, the cert can still be compared to what's in the CT Log for this purpose.
	▲	sitkack 3 days ago \| parent \| prev [-]
		Yes, precisely.