> "I don't care who is using my API as long as they are a company" is indeed a very stupid access model, but then I think the problem is deeper than just cert validation
It's not stupid if you reframe it as "you can only use my API if you give me a cryptographically verifiable trace to your legal identity".
That's true if it worked, but I think there was the problem that EV names aren't always enough to trace back the legal entity? At least that's what I read; it might be wrong.