Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I think literally forever is an exaggeration (as it pretty much always is). But the point is that you have to trust them for longer than you would like to, because once they've signed the certificates for a huge chunk of the internet, you can't take them back out without breaking a ton of stuff. Meanwhile as long as they remain trusted they can keep signing new certificates and making it that much harder to ever remove them.

The ones that get permanently removed are generally because they've already gone out of business.



Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: