zlacker

[return to "Apple already shipped attestation on the web, and we barely noticed"]
1. superk+h1[view] [source] 2023-07-25 14:15:56
>>pimter+(OP)
Google/Microsoft/Apple essentially did this with HTTP/3 too. None of their shipped browsers are able to connect to a non-"CA TLS" HTTP/3 endpoint. To host a HTTP/3 website visitable by a random normal person you have to get continued approval (every 3 months min) from a third party CA corporation for your website.
◧◩
2. 2OEH8e+z1[view] [source] 2023-07-25 14:17:00
>>superk+h1
What do you mean approval? You'd need a cert from an entity like Let's Encrypt?
◧◩◪
3. superk+S1[view] [source] 2023-07-25 14:18:10
>>2OEH8e+z1
Yep. LetsEncrypt is great but everyone centralizing in them is not so great. Normal browsers having the ability to connect to a bare HTTP endpoint in HTTP/3 would solve any problems that might arise from this centralization. It's a straightforwards and easy thing to fix for the HTTP/3 lib devs and mega-corp browsers using those libs. But no one cares about it.
◧◩◪◨
4. detour+sf[view] [source] 2023-07-25 15:09:54
>>superk+S1
I think the whole changing identity all the time is the exact opposite of a human system. The type of system only a computer could love.

This seems like a such a wrong headed approach. LetsEncrypt favors constantly changing magic handshakes over long term good social behavior.

Imagine a network where machines that misbehaved were ostracised instead of being able to register certificates frequently.

I see the promise in the Fediverse as it's ability to develop reputations.

[go to top]