Hacker News new | past | comments | ask | show | jobs | submit login

They should collect enough up front to make the revocation pre-paid. Refusing to revoke certs results in an unsafe internet and ruins the value of the entire service they are supposed to be providing.



They don't refuse, they charge money for this specific service. Protecting your keys is your obligation, not theirs.


Ensuring that valid certificates issued by them are only used by legitimate owners of the corresponding domains is their obligation.

Unfortunately, it seems as if Mozilla doesn’t care about the security of their users, otherwise this sorry excuse for a CA would have been dropped from their trust store already.




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: