mirror of git://git.qorg11.net/kill9.git
Added CA article
This commit is contained in:
qorg11
parent
b99c6c9dfe
commit
ce89063238
|
|
@ -0,0 +1,53 @@
|
|||
# Certificate authority and its consequences have been a disaster for the human race
|
||||
|
||||
>Should CA exist in 2k20?
|
||||
|
||||
--- Me
|
||||
|
||||
>no.
|
||||
>I don't see a problem in self-signed ceritificates for web to be
|
||||
>honest. Instead of relying on CA, browser should remember it's
|
||||
>fingerprint and warn if it was changed.
|
||||
|
||||
--- a1batross
|
||||
|
||||
>please add certificate chains and the insane prices from verisign or
|
||||
>such that are literally a govt-funded scam :DDDD
|
||||
|
||||
--- caskd
|
||||
|
||||
Ever wondered why you have to pay to secure your website? Or trust
|
||||
whatever ACME is?
|
||||
|
||||
There are companies who got their crypto signatures hardcoded in
|
||||
browsers, so the browser automatically accepts that signature without
|
||||
asking you. And you have to ***renew*** the cert every year/3
|
||||
months/dunno. This wouldn't happen with self signed certs, since you
|
||||
don't have to renew them ever because... you made them...
|
||||
|
||||
When you visit a website that doesn't have a certificate signed by a
|
||||
shill, you get this:
|
||||
|
||||
<img src="shills.png" width="500"/>
|
||||
|
||||
Browser may say that the website is insecure and shit, but it isn't:
|
||||
the connection is still **perfectly** secure between you and the
|
||||
server. Or even stronger, since self signed certs can be whatever you
|
||||
want, RSA8192, ECC512, you name it.
|
||||
|
||||
I trust more **my friend's** signature than some random corporation,
|
||||
who got their signature *hardcoded* in browsers.
|
||||
|
||||
## Why does this thing exist?
|
||||
|
||||
* Corps can make money out of this
|
||||
* Monopolies, It's not that easy to get your signature hardcoded in
|
||||
browsers.
|
||||
|
||||
## Alternatives
|
||||
|
||||
* What a1batross said.
|
||||
* TOFU: (Trust on first use) (What ssh prompts when you log in for
|
||||
first time)
|
||||
* Use .onion, .i2p, .loki... Any of those works without CA and it's
|
||||
perfectly end to end encrypted
|
||||
|
|
@ -22,5 +22,6 @@ bloated!) you have to fallback to HTML.
|
|||
|
||||
## Alternatives
|
||||
|
||||
* plain text
|
||||
* org-mode
|
||||
* Jumping in the eye of a hurricane
|
||||
|
|
|
|||
Binary file not shown.
|
After Width: | Height: | Size: 54 KiB |
|
|
@ -26,7 +26,8 @@ plus centralization makes it perfect for privacy.
|
|||
|
||||
* not run by a russian mobster
|
||||
* Descentralizated
|
||||
* Built-in cryptography
|
||||
* You can enable encryption in a desktop client
|
||||
* You can setup your own server
|
||||
* Does not require phone number
|
||||
|
||||
## xmpp advantages over Signal
|
||||
|
|
@ -34,6 +35,7 @@ plus centralization makes it perfect for privacy.
|
|||
* Does not require phone number (kek, a privacy oriented software
|
||||
requires your phone number)
|
||||
* You can trust the encryption
|
||||
* You can setup your own server
|
||||
|
||||
## xmpp flaws
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue