top | item 46955563

(no title)

nightpool | 20 days ago

GP gave a very good reason that non-web-PKI reduces security, you just refused to accept it. Anybody who has read any CA forum threads over the past two years is familiar with how big of a policy hole mixed-use-certificates are when dealing with revocation timelines and misissuance.

discuss

notepad0x90|19 days ago

"it's complicated" is not the same as "it's insecure". Google feels like removing this complexity improves security for web-pki. Improving security is not the same as saying something is insecure. Raising security for web-pki is not the same as caliming non-web-pki usage is insecure or is degrading security expectations of web-pki users. It's just google railroading things because they can. You can improve security by also letting Google decide and control everything, they have the capability and manpower. But we don't want that either.

sam_lowry_|19 days ago

> non-web-PKI reduces security

How exactly?

account42|19 days ago

There was no good reason given only a "trust me bro".