• Sparking
    link
    fedilink
    English
    141 year ago

    Firefox could always spoof the standard to maintain compatibility.

    • pacoboyd
      link
      fedilink
      English
      101 year ago

      If it could be spoofed easily, wouldn’t that defeat the point?

      I mean you can’t just “spoof” a ssl cert or private ssh key, I have to assume this is at least that good.

        • Sparking
          link
          fedilink
          English
          11 year ago

          Yeah, I just don’t get the point of what Google is doing with all of this. The while point is to require attestation because than you know people are viewing ads. So websites can either “trust” certs issued by Firefox, or not and lose out on ad revenue. I guess Google absence doesn’t have to trust firefoz attestation, but then it is going to payout less and people will seek other providers.

          SSL certs provide trust because you ultimately trust the issuing authority, which is supposedly garunteednby world governments. Their are known corrupt actors issuing certs, but ultimately you can be pretty sure that the SSL cert matches the domain you are on, and that it was requested by the owner of that domain. But you can still choose to not visit that domain if you don’t trust it. There are a lot of services that will block its already, so I don’t really get what the point of attestation is.