zero knowledge posted:and that’s exactly what’s interesting here: isn’t it a big honking conflict of interest for one company to run both a CA and a root program? — not just that but THE most powerful root program that de facto runs trust on the web they're also the originators of quic which has language that's designed to let them make tracking people much easier - and it's already being used plenty and will be adopted more, because it has some of the best features of sctp, while not requiring a complete rework of internet infrastructure.
|
|
![]() |
|
![]()
|
# ? Jun 10, 2024 14:11 |
|
okay made the larger analysis public: https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/J3aX8OKIT_A/m/xB723PIsAQAJ
|
![]() |
|
Wiggly Wayne DDS posted:okay made the larger analysis public: https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/J3aX8OKIT_A/m/xB723PIsAQAJ also appreciate your summary of entrust: "refusing to revoke in violation of BR and their CPS" really making it clear what's going on there
|
![]() |
|
Antigravitas posted:It's not going to happen over some typos or missing fields that aren't critically important, but I can absolutely see the EU deciding that having rogue and evidently unaccountable CAs trusted on its infrastructure is not in its interest… step 1 is to mandate that browsers deployed in EU countries shall include government CAs in trusted roots. once you have that, "do we really need the others" is just a small step away. the wheels are in motion
|
![]() |
|
Antigravitas posted:The real question in my mind is the implication for the self-governance model if an organisation just refuses to be governed by it. If CAs can just ignore rules without consequences, there will come a point when a nation state or supranational organisation will decide that the model isn't working. yep. i don't think it is any exaggeration that the self-governance is on permanent thin ice. that probably means both that things will have to at least *appear* to work better than this, and, very unfortunate for the entertainment value of the thread, that just cold turkey distrusting can't really happen. like if the self-governance breaks a bunch of poo poo it probably starts being discussed real hard if that is how things should continue, even though the action itself was by the rules.
|
![]() |
|
redleader posted:booooring spankmeister posted:after 600+ and counting posts of this poo poo there had better be some blood at the end i lust for CA death
|
![]() |
|
Honestly, I just want a walking corpspeak generator to actually experience consequences for only spewing bullshit instead of attempting to solve problems or (heaven forbid) admit that they made a mistake
|
![]() |
|
![]()
|
![]() |
|
Lolling at this thread, especially this post
|
![]() |
|
|
![]() |
|
|
![]() |
|
![]()
|
![]() |
|
buddy, they won’t even let me revoke certs
|
![]() |
|
|
![]() |
|
|
![]() |
|
|
![]() |
|
|
![]() |
|
sitting in the tram at 11:20 pm Saturday evening laughing out loud at this post getting weird looks from my fellow passengers
|
![]() |
|
|
![]() |
|
can we make an image the thread title?
|
![]() |
|
|
![]() |
|
spankmeister posted:can we make an image the thread title? Goddamn do I wish. Someone can at least update the OP.
|
![]() |
|
|
![]() |
|
|
![]() |
|
please help, my family is dying… revoke the certs No
|
![]() |
|
namlosh posted:please help, my family is dying… stop spending so much on being an active participant in the ecosystem and advocating to your customers for certificate agility
|
![]() |
|
lament.cfg posted:buddy, they won’t even let me revoke certs
|
![]() |
|
IF THE CAB DISTRUSTS ME FOR CONTINUING TO ISSUE CERTS I WILL FACE GOD AND WALK BACKWARDS INTO BANKRUPTCY
|
![]() |
|
pre:D E C E R T I F Y Y O U R S E L F A N D F A C E T O W A R D S B U G Z I L L A
|
![]() |
|
Volmarias posted:Honestly, I just want a walking corpspeak generator to actually experience consequences for only spewing bullshit instead of attempting to solve problems or (heaven forbid) admit that they made a mistake
|
![]() |
|
Volmarias posted:Honestly, I just want a walking corpspeak generator to actually experience consequences for only spewing bullshit instead of attempting to solve problems or (heaven forbid) admit that they made a mistake
|
![]() |
|
░R░E░V░O░K░E░D░░C░E░R░T░S░░I░N░░B░I░O░
|
![]() |
|
gnatalie posted:░R░E░V░O░K░E░D░░C░E░R░T░S░░I░N░░B░I░O░S░
|
![]() |
|
gnatalie posted:░R░E░V░O░K░E░D░░C░E░R░T░S░░I░N░░B░I░O░
|
![]() |
|
gnatalie posted:░R░E░V░O░K░E░D░░C░E░R░T░S░░I░N░░B░I░O░ please file a bug for non-conformance with the TLS BRs
|
![]() |
|
actual lol
|
![]() |
|
oooh part 3 is up: https://webpki.substack.com/p/entrust-considered-harmful-part-3
|
![]() |
|
notable highlights i think should be noted in there imoWiggly Wayne DDS posted:2020-08-12: Entrust: Invalid data in State/Province Field
|
![]() |
|
Wiggly Wayne DDS posted:oooh part 3 is up: https://webpki.substack.com/p/entrust-considered-harmful-part-3 I love these, thank Amir for writing these up in a public place. This is a lot more shareable in professional environments than this thread.
|
![]() |
|
![]()
|
# ? Jun 10, 2024 14:11 |
|
Wiggly Wayne DDS posted:2020-10-23: Entrust: Subscriber provides private key with CSR lmao
|
![]() |