alt Hacker NewsWell yes, CAs and the ICANN model of DNS are intertwined and fundamentally broken in multiple ways. However the system as a whole is largely "good enough" as can be seen from its broad success under highly adversarial conditions in the real world.
Well yes, CAs and the ICANN model of DNS are intertwined and fundamentally broken in multiple ways. However the system as a whole is largely "good enough" as can be seen from its broad success under highly adversarial conditions in the real world.
That's not really how security works. Either it's broken, or it's not. Security is only as good as the weakest link in the chain. Whether it's good enough or not... hard to say.