I just find it incredible that in 30+ years the industry hasn't adapted one bit to the brittle failure modes of certificates. I did some subcontract work with Verisign to deploy their CA infrastructure back in the early oughties and it felt like a solution was overdue way back then. I was at Google in the teensies when gmail broke due to expired SMTP certs. WAAAY overdue by then. Here we are, a decade later and it's still the same lol.
I mean, what's the alternative? I struggle to come up with a solution that doesn't boil down to the same primitive operations and trust model.
Other than automating renewal - which we have made huge strides on - what adaptation would you want to see?
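The failure mode the thread is circling (a service going dark because a certificate quietly ran out) is also the cheapest one to catch ahead of time, and a monitor for it is the natural complement to automated renewal. The following is an added example, not code from any commenter: a small Go checker that parses every CERTIFICATE block in a PEM bundle, classifies each against a supplied clock and warning window, and reports the worst status across the chain, so an intermediate that expires before the leaf is flagged just like an expired leaf. The hostnames, dates and the throwaway self-signed certificates are constructed test input.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// ExpiryStatus orders outcomes by severity so the worst one in a chain wins.
type ExpiryStatus int

const (
	StatusOK ExpiryStatus = iota
	StatusExpiringSoon
	StatusNotYetValid
	StatusExpired
)

func (s ExpiryStatus) String() string {
	return [...]string{"ok", "expiring-soon", "not-yet-valid", "expired"}[s]
}

// classify compares one certificate's validity window against now.
func classify(cert *x509.Certificate, now time.Time, warnWithin time.Duration) ExpiryStatus {
	switch {
	case now.Before(cert.NotBefore):
		return StatusNotYetValid
	case !now.Before(cert.NotAfter):
		return StatusExpired
	case now.Add(warnWithin).After(cert.NotAfter):
		return StatusExpiringSoon
	default:
		return StatusOK
	}
}

// CheckPEMExpiry walks every CERTIFICATE block in pemData (leaf plus any
// intermediates) and returns the worst status found and the earliest NotAfter
// in the bundle, which is the date the whole chain stops working.
func CheckPEMExpiry(pemData []byte, now time.Time, warnWithin time.Duration) (ExpiryStatus, time.Time, error) {
	worst, earliest, count := StatusOK, time.Time{}, 0
	for rest := pemData; ; {
		var block *pem.Block
		block, rest = pem.Decode(rest)
		if block == nil {
			break
		}
		if block.Type != "CERTIFICATE" {
			continue // skip keys or other blocks bundled in the same file
		}
		cert, err := x509.ParseCertificate(block.Bytes)
		if err != nil {
			return StatusOK, time.Time{}, err
		}
		count++
		if earliest.IsZero() || cert.NotAfter.Before(earliest) {
			earliest = cert.NotAfter
		}
		if st := classify(cert, now, warnWithin); st > worst {
			worst = st
		}
	}
	if count == 0 {
		return StatusOK, time.Time{}, errors.New("no CERTIFICATE blocks found")
	}
	return worst, earliest, nil
}

// selfSignedPEM mints a throwaway self-signed certificate for the given
// window. Constructed test input only; a real check reads the deployed bundle.
func selfSignedPEM(cn string, notBefore, notAfter time.Time) []byte {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: cn},
		DNSNames:              []string{cn},
		NotBefore:             notBefore,
		NotAfter:              notAfter,
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	// Constructed scenario: a fresh leaf bundled with an intermediate that
	// runs out in ten days. The leaf alone looks healthy; the chain does not.
	now := time.Date(2024, 6, 1, 12, 0, 0, 0, time.UTC)
	leaf := selfSignedPEM("smtp.example.test", now.Add(-24*time.Hour), now.Add(90*24*time.Hour))
	inter := selfSignedPEM("intermediate.example.test", now.Add(-365*24*time.Hour), now.Add(10*24*time.Hour))
	chain := append(append([]byte{}, leaf...), inter...)
	st, earliest, err := CheckPEMExpiry(chain, now, 30*24*time.Hour)
	if err != nil {
		panic(err)
	}
	fmt.Printf("chain status: %s (earliest NotAfter %s)\n", st, earliest.Format(time.RFC3339))
}
```

Pass the clock in rather than calling `time.Now()` inside the checker: it keeps the function deterministic for tests and lets the same code answer "what breaks next month" by handing it a future date.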