Show HN: Sslhash: SSL without a certificate authority

Rather pointless to compare the SSL certificate to a hash ofcourse. Why not just compare it to a copy of the certificate. No need to obfuscate and allow user to be fooled with changed hash.

How does expiration work? What happens if an TLS/SSL cert is leaked/compromised? Change the clients as well?

I’m confused, domains are not a barrier to entry (I’d argue that the developer account is a much larger barrier). Why is this a needed thing?