
> Why worry about E2E encryption, in theory just need a cert issued from a vast array of CAs or intermediates.

Certificate Transparency thankfully means this is a tool a government could only use once if at all, and then they've burned an entire CA.



Isn't certificate transparency opt-in, so any trusted CA could be a potential attack route?


Browsers now require it to consider a certificate valid. Firefox, Chrome, and Safari all require a certificate to include proof of being logged in CT logs.
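Added example, not part of the thread: the "proof of being logged" mentioned above travels in the certificate as a list of Signed Certificate Timestamps (SCTs, RFC 6962, X.509 extension OID 1.3.6.1.4.1.11129.2.4.2), and this sketch parses that list's TLS encoding and reports which logs issued the SCTs. The sample bytes are constructed (dummy log IDs and signatures), and the input is assumed to be the list with its DER OCTET STRING wrappers already stripped.

```python
import struct
from datetime import datetime, timezone

def parse_sct(sct):
    """Parse one serialized v1 SCT (RFC 6962, section 3.2)."""
    if len(sct) < 47:  # fixed fields with empty extensions and signature
        raise ValueError("truncated SCT")
    version, log_id, ts_ms, ext_len = struct.unpack_from(">B32sQH", sct, 0)
    if version != 0:
        raise ValueError("unknown SCT version %d" % version)
    off = 43 + ext_len  # skip the CtExtensions field
    if off + 4 > len(sct):
        raise ValueError("extensions overrun SCT")
    hash_alg, sig_alg, sig_len = struct.unpack_from(">BBH", sct, off)
    if off + 4 + sig_len != len(sct):
        raise ValueError("signature length does not match SCT length")
    return {
        "log_id": log_id.hex(),
        "timestamp": datetime.fromtimestamp(ts_ms / 1000, tz=timezone.utc),
        "hash_alg": hash_alg, "sig_alg": sig_alg,
        "signature": sct[off + 4:],
    }

def parse_sct_list(data):
    """Parse a SignedCertificateTimestampList: 2-byte length, then length-prefixed SCTs."""
    if len(data) < 2 or struct.unpack_from(">H", data)[0] != len(data) - 2:
        raise ValueError("SCT list length does not match buffer")
    scts, pos = [], 2
    while pos < len(data):
        if pos + 2 > len(data):
            raise ValueError("truncated SCT length prefix")
        (n,) = struct.unpack_from(">H", data, pos)
        if pos + 2 + n > len(data):
            raise ValueError("SCT overruns list")
        scts.append(parse_sct(data[pos + 2:pos + 2 + n]))
        pos += 2 + n
    return scts

def distinct_logs(scts):
    """Set of hex log IDs; clients look these up in their list of known logs."""
    return {s["log_id"] for s in scts}

def _make_sct(log_id, ts_ms, sig):
    # Constructed test data: SHA-256 (4) / ECDSA (3) with dummy signature bytes.
    body = struct.pack(">B32sQH", 0, log_id, ts_ms, 0) + struct.pack(">BBH", 4, 3, len(sig)) + sig
    return struct.pack(">H", len(body)) + body

_scts = _make_sct(b"\xaa" * 32, 1700000000000, b"\x01" * 70) + _make_sct(b"\xbb" * 32, 1700000001000, b"\x02" * 71)
SAMPLE = struct.pack(">H", len(_scts)) + _scts
```

Parsing only shows that SCTs are present and well-formed; a client still has to verify each signature against the public key of a log it recognizes before counting it.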



