Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

EV Certs used to do exactly that for me, that is until browser stopped make the visuals of it special. Don't think it would be even viable today given the short expiry (which is a good thing) of TLS certs necessary for browser

https://en.wikipedia.org/wiki/Extended_Validation_Certificat...



You can still do all the checks you need, they're right there in the connection properties. This website is OV-certified (not EV) to PayPal, Inc. in San Jose by DigiCert Inc.

You do need to know what US state PayPal is registered in for them to work, of course, as proven by https://arstechnica.com/information-technology/2017/12/nope-... during the time EV certificates were still considered special.

I don't see why EV wouldn't be viable. ACME can work with any certificate. A certificate authority can just sign new certificates every week at the request of an authenticated ACME client. The biggest issue with this workflow is the CA's billing flow optimised for the "pay once, hand over a file once" workflow.


I talked about introducing a notability criteria in the US, and other jurisdictions where duplicate registrations are possible. The Chrome people weren't interested.


Shouldn't be an issue to deliver two certificates an short lived one for TLS, an long lived one for the identity




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: