
> Things like extended validation were invented solely to print more money and should be phased out of web browsers. They are not "more secure" and should not be regarded as such in any user interface.

I think it would be great if something like EV certificates were available from national governments.

We have pretty solid digital ID support in Austria, but all the tech for signing and authenticating documents (useful for invoices or account statements) requires special software, and isn't built into the web browsers and email clients that people use.

It would be nice if, when I clicked a link in an invoice email, I could check that aws-billing.at is indeed a domain that belongs to "Amazon Web Services" registered in Austria, or whether it is a phishing attempt from a script kiddie in a foreign country.



That could be usable for certain specialized applications, such as the authentication of documents you mention, but not for authenticating web sites.

For domains this assumption has been proven wrong in practice several times. There are too many issues with almost identical names, or names that merely look identical but aren't, or just the difference between "Amazon Web Services Inc." in two different jurisdictions.

Troy Hunt has made several long blog posts with some convincing real world examples.

It is easier for end users to see which is more reputable of "amazon.com" and "amaz0n.biz", than it is to value "Amazon Inc." against "Amazon Cloud Services". It is not that the CAs are doing a bad job. It's that domains are the identity we really care about.

Furthermore, I am of the opinion that CAs should be destroyed.
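The point above about "names that merely look identical but aren't" (amaz0n.biz next to amazon.com) is something a mail gateway or browser extension can check mechanically against a list of domains the organisation actually trusts. The following Python is an added illustration, not code from anyone in this thread: the trusted-domain list, the confusable-character map and the sample hosts are all constructed for the example, and the map is a small hand-picked subset rather than the full Unicode confusables table. It decodes punycode (IDNA) hosts, normalises case and compatibility forms, folds common look-alike characters and digraphs into a "skeleton", and flags hosts whose registrable label collides with a trusted domain without actually being one.

```python
import unicodedata

# Constructed allow-list of domains the organisation actually trusts (assumption).
TRUSTED_DOMAINS = ["amazon.com", "amazon.at"]

# Constructed, deliberately small confusable map; the real Unicode
# confusables.txt is far larger. Maps look-alike characters to a Latin "skeleton".
CONFUSABLES = {
    "0": "o", "1": "l", "|": "l", "3": "e", "5": "s", "@": "a",
    "\u0430": "a",  # Cyrillic a
    "\u0435": "e",  # Cyrillic e
    "\u043e": "o",  # Cyrillic o
    "\u0440": "p",  # Cyrillic p
    "\u0441": "c",  # Cyrillic c
    "\u0445": "x",  # Cyrillic x
    "\u0443": "y",  # Cyrillic y
}
# Character pairs that render like a single letter in many fonts.
MULTI_CONFUSABLES = [("rn", "m"), ("vv", "w"), ("cl", "d")]


def decode_idna(host):
    """Turn a punycode host (xn--...) back into Unicode; leave Unicode input as-is."""
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:
        return host


def skeleton(label):
    """Fold a DNS label into a canonical look-alike form for comparison."""
    s = unicodedata.normalize("NFKC", label).lower()
    s = "".join(CONFUSABLES.get(ch, ch) for ch in s)
    for seq, rep in MULTI_CONFUSABLES:
        s = s.replace(seq, rep)
    return s


def registrable_label(host):
    """Naive second-level label (assumption: no public-suffix list, so 'co.uk' is not handled)."""
    parts = host.rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def classify(host):
    """Return ("trusted", domain), ("lookalike", domain) or ("unrelated", None)."""
    host = unicodedata.normalize("NFKC", decode_idna(host)).lower().rstrip(".")
    # Exact match or a subdomain of a trusted domain is genuinely trusted.
    for trusted in TRUSTED_DOMAINS:
        if host == trusted or host.endswith("." + trusted):
            return ("trusted", trusted)
    # Otherwise compare the skeleton of the registrable label against each trusted domain.
    label = skeleton(registrable_label(host))
    for trusted in TRUSTED_DOMAINS:
        if label == skeleton(registrable_label(trusted)):
            return ("lookalike", trusted)
    return ("unrelated", None)


if __name__ == "__main__":
    # Constructed sample hosts, including the ones mentioned in the thread.
    for h in ["amazon.com", "aws.amazon.com", "amaz0n.biz", "arnazon.com",
              "\u0430mazon.com", "aws-billing.at", "mail.google.com"]:
        print(h, "->", classify(h))
```

Note what the check does and does not catch: amaz0n.biz, arnazon.com and a Cyrillic-a "amazon.com" all collide with the trusted skeleton, but aws-billing.at from the first comment is simply "unrelated", because nothing about the string says whether it belongs to Amazon. That is exactly the gap a verified organisation-to-domain binding would fill, and exactly where a name-only comparison cannot help.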



