zlacker

>>pimter+(OP)
Google/Microsoft/Apple essentially did this with HTTP/3 too. None of their shipped browsers are able to connect to a non-"CA TLS" HTTP/3 endpoint. To host a HTTP/3 website visitable by a random normal person you have to get continued approval (every 3 months min) from a third party CA corporation for your website.

>>superk+h1
What do you mean approval? You'd need a cert from an entity like Let's Encrypt?

>>2OEH8e+z1
Yep. LetsEncrypt is great but everyone centralizing in them is not so great. Normal browsers having the ability to connect to a bare HTTP endpoint in HTTP/3 would solve any problems that might arise from this centralization. It's a straightforwards and easy thing to fix for the HTTP/3 lib devs and mega-corp browsers using those libs. But no one cares about it.

>>superk+S1
Kinda surprised there isn't a few CAs that set up Let's Encrypt-like automated infrastructure that charge a small subscription fee for certificates. I'd pay $1-$3/m or so for preventing a mono-culture + big attack surface, but don't really want to give up the convenience of Let's Encrypt.

I know there's a big barrier to entry for being a CA (as there should be), but it shouldn't be impossible.

>>packet+H3
> Kinda surprised there isn't a few CAs that set up Let's Encrypt-like automated infrastructure that charge a small subscription fee for certificates.

There are other ACME-compatible CA's.

>>Avaman+24
Oh? Examples?

>>packet+15
https://zerossl.com/ is a popular alternative. https://www.buypass.com/ is another one I haven't personally tried.

>>capabl+S5
Also Google Trust Services has free certificates although you need a Google Cloud project for it.