And who is going to issue you a reasonably-priced intermediate cert? Especially ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		amluto on July 6, 2015 \| parent \| context \| favorite \| on: Forthcoming OpenSSL releases And who is going to issue you a reasonably-priced intermediate cert? Especially since PKIX name constraints don't actually work, so that intermediate cert would let you sign just about anything.

Hoff on July 6, 2015 [–]

For your own web servers and your own clients, use your own CA and your own certs.

eropple on July 6, 2015 | [–]

This isn't a serious solution except for intranets--and this problem exists most pressingly on the internet to begin with.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact