Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

HTTPS can be implemented in a decentralized way without a single party having access to your sites visited. DNS-over-HTTPS is by its nature centralized. So is DNS. Your DNS provider has a list of all sites they’ve resolved for you, whether it’s encrypted over using TLS or not. Maybe that doesn’t go against your point, but I wanted to clarify that the two technologies have very different privacy implications.


> HTTPS can be implemented in a decentralized way

How does that work? AFAIK there is always a root authority.


No. There are roots and you can install any root you like including one you create. Is that some amount of centralization? I don't think so though convenience and efficiency encourage it on a single and not very important dimension. Once a CA signs a cert they are no longer involved in the HTTPS protocol and really that's the bulk of the use case. As GP noted, it certainly includes "without a single party having access to your sites visited".


You can install any root you like as long as your device lets you. TVs are less likely to let you install your own root.


Keys can be exchanged without root authority. Root authority is only required for identifying that website owner is who he claims to be.


Yes, and without verifying that the owner is who he claims to be, exchanging keys is not of much value.


I dunno, knowing the owner hasn't changed since last time seems almost as good.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: