Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Doing content signature verification securely would require all the same "crazy crap" that HTTPS does (certificates, CAs, OCSP, ACME, etc). The PKI is the hard part; once you have that there's very little reason not to encrypt as well as sign.


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: