ティージェーグレェ on Nostr: It was totally possible to encrypt SSL/TLS using self-signed certificates. Arguably, ...
It was totally possible to encrypt SSL/TLS using self-signed certificates.
Arguably, it's actually more secure.
I seem to recall when CanSecWest used to use self signed certificates and I think most of the security community, trusted dragosr (nprofile…j80c) competency more than they trusted commercial CAs.
What Let's Encrypt did was remove the financial onus for using the PKI of the CA framework.
TLS has been, is, and presumably will always be optional for HTTP; regardless of the existence of benevolent entities such as Let's Encrypt at least removing the golden calf idolatry blasphemy of commercial CA vendors as being necessary to avoid warnings in browsers for using self-signed certificates.
IMHO, those warnings aren't actually a bad thing. SSH warns when connecting to a host with a public key that it has never seen before. Browsers do more or less the same thing when encountering a self signed certificate, and that warning can be looked at, and appropriate actions taken.
If anything warning less because browsers are designed to be too user friendly and commercial CAs have been compromised in the past, is probably an argument against browsers.
I'm old enough to remember when Moxie hadn't developed a reputation for TextSecure/RedPhone/Signal and entraption BS, and instead was mostly a researcher doin it for the lulz by illustrating how Internet Explorer failed to check chain of authority stuff. But good luck even finding null-prefix-attacks.pdf on Moxie's website these days, because 404s are all the rage apparently and the web is terrible for actually storing anything reliably (maybe you'll have better luck with archive.org mirrors doing a different deity's work in backing up increasingly ephemeral data, but actually you won't because: http://www.thoughtcrime.org/papers/null-prefix-attacks.pdf results in the following error message from archive.org: "Sorry.
This URL has been excluded from the Wayback Machine.").
CC: nprofile1qy2hwumn8ghj7un9d3shjtnddaehgu3wwp6kyqpqs08h5hqyr39p7w3f757j5rsvq2c0hd2q6eya9akyhg4vgwsg5f5s905tyv (nprofile…5tyv)
Arguably, it's actually more secure.
I seem to recall when CanSecWest used to use self signed certificates and I think most of the security community, trusted dragosr (nprofile…j80c) competency more than they trusted commercial CAs.
What Let's Encrypt did was remove the financial onus for using the PKI of the CA framework.
TLS has been, is, and presumably will always be optional for HTTP; regardless of the existence of benevolent entities such as Let's Encrypt at least removing the golden calf idolatry blasphemy of commercial CA vendors as being necessary to avoid warnings in browsers for using self-signed certificates.
IMHO, those warnings aren't actually a bad thing. SSH warns when connecting to a host with a public key that it has never seen before. Browsers do more or less the same thing when encountering a self signed certificate, and that warning can be looked at, and appropriate actions taken.
If anything warning less because browsers are designed to be too user friendly and commercial CAs have been compromised in the past, is probably an argument against browsers.
I'm old enough to remember when Moxie hadn't developed a reputation for TextSecure/RedPhone/Signal and entraption BS, and instead was mostly a researcher doin it for the lulz by illustrating how Internet Explorer failed to check chain of authority stuff. But good luck even finding null-prefix-attacks.pdf on Moxie's website these days, because 404s are all the rage apparently and the web is terrible for actually storing anything reliably (maybe you'll have better luck with archive.org mirrors doing a different deity's work in backing up increasingly ephemeral data, but actually you won't because: http://www.thoughtcrime.org/papers/null-prefix-attacks.pdf results in the following error message from archive.org: "Sorry.
This URL has been excluded from the Wayback Machine.").
CC: nprofile1qy2hwumn8ghj7un9d3shjtnddaehgu3wwp6kyqpqs08h5hqyr39p7w3f757j5rsvq2c0hd2q6eya9akyhg4vgwsg5f5s905tyv (nprofile…5tyv)