
The private companies that do have incidental root certificates in trust stores, like Visa, are endemic sources of compliance issues.

If any company should operate a CA, it should probably not be random enterprise companies.

For one example: https://wiki.mozilla.org/CA:Visa_Issues



I think the parent poster meant that if X.509 Name Constraints were widely deployed, Visa's CA could be limited to Visa's TLD+1s. In the same way, government-affiliated CAs could be limited to their own country TLDs, or a development CA could be limited to localhost.
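How the restriction discussed in this thread would be enforced, as an added example that is not part of the original comments: a simplified Python version of the dNSName subtree check from RFC 5280 section 4.2.1.10. The CA definitions, the `example.nl` exclusion and all function names are constructed for illustration, and only DNS names are handled.

```python
# Added example: dNSName name-constraint matching in the style of
# RFC 5280, section 4.2.1.10. All constraint sets below are constructed.

def _labels(name):
    """Split a DNS name into lowercase labels, ignoring a trailing root dot."""
    return name.rstrip(".").lower().split(".")

def in_subtree(name, base):
    """True if `name` equals `base` or only adds whole labels to its left.

    Comparing labels rather than raw string suffixes is what keeps
    'notvisa.com' out of the 'visa.com' subtree.
    """
    n, b = _labels(name), _labels(base)
    return len(n) >= len(b) and n[len(n) - len(b):] == b

def name_allowed(name, permitted=(), excluded=()):
    """Apply one CA's dNSName constraints to a single SAN entry."""
    if any(in_subtree(name, e) for e in excluded):
        return False   # an excluded subtree overrides any permitted one
    if permitted:
        return any(in_subtree(name, p) for p in permitted)
    return True        # no permitted list for DNS names: unconstrained

def chain_allows(name, constraints_per_ca):
    """A name is valid only if every CA in the path allows it."""
    return all(
        name_allowed(name, c.get("permitted", ()), c.get("excluded", ()))
        for c in constraints_per_ca
    )

# Constructed constraint sets mirroring the three cases in the comment above.
CORPORATE_CA = {"permitted": ["visa.com"]}                   # a company's TLD+1
COUNTRY_CA = {"permitted": ["nl"], "excluded": ["example.nl"]}  # a country TLD
DEV_CA = {"permitted": ["localhost"]}                        # development only

if __name__ == "__main__":
    for san in ("www.visa.com", "notvisa.com", "visa.com.attacker.example"):
        print(f"{san:28} corporate CA allowed: {name_allowed(san, **CORPORATE_CA)}")
    for san in ("overheid.nl", "www.example.nl", "overheid.de"):
        print(f"{san:28} country CA allowed:   {name_allowed(san, **COUNTRY_CA)}")
```
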



