
The use of TLS for QUIC does not imply or require the use of the Web PKI which is what I assume you're thinking of by "certificate authorities outside to validate packages".


> "The use of TLS for QUIC does not imply or require the use of the Web PKI"

Handling certificate revocations (which would be needed to "ensure security") does indeed imply the use of some way to check for the revocations in a timely manner. The revocation lists themselves can be tampered with.


You've jumped from assuming the Web PKI, which isn't required, to assuming online revocation checks, which is even more not required.


So how does your imaginary version of a transport layer guarantee a message can't be tampered with if it trusts keys which are revoked?


Web PKI is not the only way to revoke keys.


> "Web PKI is not the only way to revoke keys."

You're not answering my question (we both know why), and I never mentioned anything about WebPKI in any of my comments anyways.



