zlacker

[parent] [thread] 2 comments
1. superk+(OP)[view] [source] 2023-07-25 13:37:03
You can. It's just that no browser that supports HTTP/3 will accept it as a legit endpoint with a valid root. So they won't connect to the HTTP/3 endpoint at all and you won't be able to access the HTTP/3 self-signed website.

And before anyone goes there, no, setting up your own root CA is not an option. Unless you get can Google/Apple/Mozilla/etc to include your root CA in their browser trust stores it doesn't help a random person visit your website at all.

replies(2): >>sgammo+fU1 >>fruitr+TY2
2. sgammo+fU1[view] [source] 2023-07-25 20:53:43
>>superk+(OP)
That's still self-signing. So the extra steps are immaterial to the point.
3. fruitr+TY2[view] [source] 2023-07-26 05:29:00
>>superk+(OP)
>You can. It's just that no browser that supports HTTP/3 will accept it as a legit endpoint with a valid root. So they won't connect to the HTTP/3 endpoint at all and you won't be able to access the HTTP/3 self-signed website.

So long as there's a way to bypass verification or configure the trust store I'm okay with it. Is there official policy stating that this won't be possible or is this prediction?

As I understand it the primary reason for this push is that non-technical users too often skip security warnings, but I'm of the position there MUST at least be a way to bypass verification no matter what (through keyboard combos or a configurable trust store).

[go to top]