frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

fp.

Open in hackernews

Ask HN: Books/guides/resources about running a public, web CA?

13•_1tan•9mo ago

Comments

cpach•9mo ago
I think the below resources are a good start.

This makes me curious: Do you have a specific goal in mind?

https://github.com/mozilla/pkipolicy

https://www.ccadb.org/

https://cabforum.org/

_1tan•9mo ago
Indeed I do. We run a SaaS in a regulated industry, mainly in Germany. To receive and transmit certain payloads we need to use dedicated TLS certificates from a government run PK infrastructure (Search for "Smart-Meter PKI" if you are curious).

We want to become a sub-CA of this PKI and while we are aware of the policies of this specific PKI, we think that from an engineering or IT ops standpoint we can learn much more from web PKI CAs.

threesevenths•9mo ago
The difficult part of running a ca is convincing others you’re trustworthy. You need to have your business processes audited but an independent third party and then wait for your root to be adopted and deployed in browsers.

The value in exiting providers is their reach; versign for example is deployed in practically every trusted root bundle. When GoDaddy wanted to enter the market, they bought Starfield who already had a root which was widely trusted and crossed that with their own.

The reason people will pay for you to compute a number based on a number they give you and your super secret number is that people trust what you’re doing with your super secret number. And that trust takes time.

viraptor•9mo ago
And when you want to run a public one, you should learn at least everything that cacert did. They tried hard and still never got included. https://www.cacert.org/ That effort seems to be dying and it's been years since anyone asked me to authenticate them.

Some history here. http://wiki.cacert.org/InclusionStatus And that's before root stores had to deal with Honest Achmed's Used Cars and Certificates.

solardev•9mo ago
How did LetsEncrypt get acceptance everywhere?
hulitu•9mo ago
They were Mozilla's child.
cpach•9mo ago
In the beginning they partnered with an existing CA so that they could issue certificates that where chained to roots already trusted by the major browsers.

“Getting a new root trusted and propagated broadly can take 3-6 years. In order to start issuing widely trusted certificates as soon as possible, we partnered with another CA, IdenTrust, which has a number of existing trusted roots. As part of that partnership, an IdenTrust root ‘vouches for’ the certificates that we issue, thus making our certificates trusted.”

https://letsencrypt.org/2015/10/19/lets-encrypt-is-trusted/

https://letsencrypt.org/2016/08/05/le-root-to-be-trusted-by-...

https://letsencrypt.org/2023/07/10/cross-sign-expiration/

Show HN: SafeClaw – a way to manage multiple Claude Code instances in containers

https://github.com/ykdojo/safeclaw
1•ykdojo•1m ago•0 comments

The Future of the Global Open-Source AI Ecosystem: From DeepSeek to AI+

https://huggingface.co/blog/huggingface/one-year-since-the-deepseek-moment-blog-3
1•gmays•2m ago•0 comments

The Evolution of the Interface

https://www.asktog.com/columns/038MacUITrends.html
1•dhruv3006•3m ago•0 comments

Azure: Virtual network routing appliance overview

https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-routing-appliance-overview
1•mariuz•4m ago•0 comments

Seedance2 – multi-shot AI video generation

https://www.genstory.app/story-template/seedance2-ai-story-generator
1•RyanMu•7m ago•1 comments

Πfs – The Data-Free Filesystem

https://github.com/philipl/pifs
1•ravenical•10m ago•0 comments

Go-busybox: A sandboxable port of busybox for AI agents

https://github.com/rcarmo/go-busybox
2•rcarmo•11m ago•0 comments

Quantization-Aware Distillation for NVFP4 Inference Accuracy Recovery [pdf]

https://research.nvidia.com/labs/nemotron/files/NVFP4-QAD-Report.pdf
1•gmays•12m ago•0 comments

xAI Merger Poses Bigger Threat to OpenAI, Anthropic

https://www.bloomberg.com/news/newsletters/2026-02-03/musk-s-xai-merger-poses-bigger-threat-to-op...
1•andsoitis•12m ago•0 comments

Atlas Airborne (Boston Dynamics and RAI Institute) [video]

https://www.youtube.com/watch?v=UNorxwlZlFk
1•lysace•13m ago•0 comments

Zen Tools

http://postmake.io/zen-list
1•Malfunction92•16m ago•0 comments

Is the Detachment in the Room? – Agents, Cruelty, and Empathy

https://hailey.at/posts/3mear2n7v3k2r
1•carnevalem•16m ago•0 comments

The purpose of Continuous Integration is to fail

https://blog.nix-ci.com/post/2026-02-05_the-purpose-of-ci-is-to-fail
1•zdw•18m ago•0 comments

Apfelstrudel: Live coding music environment with AI agent chat

https://github.com/rcarmo/apfelstrudel
1•rcarmo•19m ago•0 comments

What Is Stoicism?

https://stoacentral.com/guides/what-is-stoicism
3•0xmattf•20m ago•0 comments

What happens when a neighborhood is built around a farm

https://grist.org/cities/what-happens-when-a-neighborhood-is-built-around-a-farm/
1•Brajeshwar•20m ago•0 comments

Every major galaxy is speeding away from the Milky Way, except one

https://www.livescience.com/space/cosmology/every-major-galaxy-is-speeding-away-from-the-milky-wa...
2•Brajeshwar•20m ago•0 comments

Extreme Inequality Presages the Revolt Against It

https://www.noemamag.com/extreme-inequality-presages-the-revolt-against-it/
2•Brajeshwar•20m ago•0 comments

There's no such thing as "tech" (Ten years later)

1•dtjb•21m ago•0 comments

What Really Killed Flash Player: A Six-Year Campaign of Deliberate Platform Work

https://medium.com/@aglaforge/what-really-killed-flash-player-a-six-year-campaign-of-deliberate-p...
1•jbegley•21m ago•0 comments

Ask HN: Anyone orchestrating multiple AI coding agents in parallel?

1•buildingwdavid•23m ago•0 comments

Show HN: Knowledge-Bank

https://github.com/gabrywu-public/knowledge-bank
1•gabrywu•28m ago•0 comments

Show HN: The Codeverse Hub Linux

https://github.com/TheCodeVerseHub/CodeVerseLinuxDistro
3•sinisterMage•29m ago•2 comments

Take a trip to Japan's Dododo Land, the most irritating place on Earth

https://soranews24.com/2026/02/07/take-a-trip-to-japans-dododo-land-the-most-irritating-place-on-...
2•zdw•29m ago•0 comments

British drivers over 70 to face eye tests every three years

https://www.bbc.com/news/articles/c205nxy0p31o
40•bookofjoe•30m ago•13 comments

BookTalk: A Reading Companion That Captures Your Voice

https://github.com/bramses/BookTalk
1•_bramses•31m ago•0 comments

Is AI "good" yet? – tracking HN's sentiment on AI coding

https://www.is-ai-good-yet.com/#home
3•ilyaizen•32m ago•1 comments

Show HN: Amdb – Tree-sitter based memory for AI agents (Rust)

https://github.com/BETAER-08/amdb
1•try_betaer•32m ago•0 comments

OpenClaw Partners with VirusTotal for Skill Security

https://openclaw.ai/blog/virustotal-partnership
2•anhxuan•32m ago•0 comments

Show HN: Seedance 2.0 Release

https://seedancy2.com/
2•funnycoding•33m ago•0 comments