Luke-Jr [ARCHIVE] on Nostr: 📅 Original date posted:2011-12-19 🗒️ Summary of this message: Proposal to ...
📅 Original date posted:2011-12-19
🗒️ Summary of this message: Proposal to limit trusted CA certificates for Bitcoin client to those with good identity verification practices, but this may limit accessibility.
📝 Original message:On Monday, December 19, 2011 6:44:59 AM Andy Parkins wrote:
> Perhaps we should be more strict about which CA certificates are trusted by
> the bitcoin client: say restrict it to those who have demonstrably good
> practices for verifying identity; rather than the ridiculous amount of
> trust that comes pre-installed for me in my browser.
Accepted CAs is/should be a property of your *operating system*, not any
particular software. Anyhow, restricting this further just makes it even more
unusable. Already there is only 1 or 2 CAs that will provide a gratis
certificate for personal/small users. If you only allow high-class CAs, I
imagine that will restrict "no key in the URI" aliases to those who will fork
over a lot of money.
🗒️ Summary of this message: Proposal to limit trusted CA certificates for Bitcoin client to those with good identity verification practices, but this may limit accessibility.
📝 Original message:On Monday, December 19, 2011 6:44:59 AM Andy Parkins wrote:
> Perhaps we should be more strict about which CA certificates are trusted by
> the bitcoin client: say restrict it to those who have demonstrably good
> practices for verifying identity; rather than the ridiculous amount of
> trust that comes pre-installed for me in my browser.
Accepted CAs is/should be a property of your *operating system*, not any
particular software. Anyhow, restricting this further just makes it even more
unusable. Already there is only 1 or 2 CAs that will provide a gratis
certificate for personal/small users. If you only allow high-class CAs, I
imagine that will restrict "no key in the URI" aliases to those who will fork
over a lot of money.