zlacker

[return to "Apple already shipped attestation on the web, and we barely noticed"]
1. superk+h1[view] [source] 2023-07-25 14:15:56
>>pimter+(OP)
Google/Microsoft/Apple essentially did this with HTTP/3 too. None of their shipped browsers are able to connect to a non-"CA TLS" HTTP/3 endpoint. To host a HTTP/3 website visitable by a random normal person you have to get continued approval (every 3 months min) from a third party CA corporation for your website.
◧◩
2. 2OEH8e+z1[view] [source] 2023-07-25 14:17:00
>>superk+h1
What do you mean approval? You'd need a cert from an entity like Let's Encrypt?
◧◩◪
3. superk+S1[view] [source] 2023-07-25 14:18:10
>>2OEH8e+z1
Yep. LetsEncrypt is great but everyone centralizing in them is not so great. Normal browsers having the ability to connect to a bare HTTP endpoint in HTTP/3 would solve any problems that might arise from this centralization. It's a straightforwards and easy thing to fix for the HTTP/3 lib devs and mega-corp browsers using those libs. But no one cares about it.
◧◩◪◨
4. cybera+ta[view] [source] 2023-07-25 14:51:59
>>superk+S1
Why? Just skip the CA verification when you use HTTP/3. Done.

While this is less secure than a verified certificate, it still avoids plaintext on the wire and requires an active MITM to eavesdrop.

[go to top]