Let's use QR codes then! Do we have to have a central registry/key server if we verify a domain's certificate? Isn't that enough to tell us that that domain and, hence, that public key is owned by that manufacturer? Or am I getting something wrong? How does Chrome know that a site's cert is good and valid? How are certificate authorities (CAs) overseen?
On Wednesday, December 27, 2017 at 1:10:50 AM UTC-5, Tamás Gulácsi wrote: > > We have to enforce some kind of central registry for the manufacturers, to > avoid that anybody can create a key pair, use our software, and have vald > unique verifiable codes, but be a drug counterteiter. -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
