[return to "Apple already shipped attestation on the web, and we barely noticed"]
1. superk+h1 2023-07-25 14:15:56
>>pimter+(OP)
Google/Microsoft/Apple essentially did this with HTTP/3 too. None of their shipped browsers are able to connect to a non-"CA TLS" HTTP/3 endpoint. To host an HTTP/3 website visitable by a random normal person you have to get continued approval (every 3 months min) from a third party CA corporation for your website.
2. 2OEH8e+z1 2023-07-25 14:17:00
>>superk+h1
What do you mean approval? You'd need a cert from an entity like Let's Encrypt?
3. superk+S1 2023-07-25 14:18:10
>>2OEH8e+z1
Yep. Let's Encrypt is great but everyone centralizing in them is not so great. Normal browsers having the ability to connect to a bare HTTP endpoint in HTTP/3 would solve any problems that might arise from this centralization. It's a straightforward and easy thing to fix for the HTTP/3 lib devs and mega-corp browsers using those libs. But no one cares about it.
4. packet+H3 2023-07-25 14:26:20
>>superk+S1
Kinda surprised there isn't a few CAs that set up Let's Encrypt-like automated infrastructure that charge a small subscription fee for certificates. I'd pay $1-$3/m or so for preventing a mono-culture + big attack surface, but don't really want to give up the convenience of Let's Encrypt.

I know there's a big barrier to entry for being a CA (as there should be), but it shouldn't be impossible.

5. Avaman+24 2023-07-25 14:27:48
>>packet+H3
> Kinda surprised there isn't a few CAs that set up Let's Encrypt-like automated infrastructure that charge a small subscription fee for certificates.

There are other ACME-compatible CAs.

6. packet+15 2023-07-25 14:31:27
>>Avaman+24
Oh? Examples?