
Because your client (generally a browser) is configured to implicitly trust a group of companies called "root Certificate Authorities" (root CAs). Now, consider one such company headquartered in China, or the US. The governments of both countries have the power to secretly demand such a company's keys, then use them to make your client trust whichever endpoint they choose.



That's still considerably better than sending unencrypted HTTP over the wire in pretty much every way.


Better, but not good enough.



