Thoughts, Any Forums?

No. My head is empty.

honeypot

🤔

Certbot just werks.

Fucking garbage. We should use self-signed certificates for TLS

michael.orlitzky.com/articles/lets_not_encrypt.xhtml

Why do I have to ask someone else's permission to use https in my home lab?

I'm all for getting something better than the current CA infrastructure we use for HTTPS/TLS because it is flawed due to CA compromise (I use a local CA for anything TLS in my home network to avoid the flaws but a typical public website shouldn't do this because it doesn't help the current situation).
But suggesting trust-on-first-use like what SSH uses by default for the web is stupid. TOFU's security model relies on you having secure access to the server on first use to check that the host key fingerprint is correct (e.g. you have a server at home connected to a keyboard and monitor, and you can see its host key fingerprint on the monitor, and therefore know it's identical to the host key fingerprint shown on the client upon first connecting).
If I wanted to go on a random website for the first time, I'd need to meet them in person to get their host key fingerprint, which is absolutely not happening.
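
Added example, not part of any post in this thread: a minimal known_hosts-style pin store showing why trust-on-first-use depends on an out-of-band fingerprint check at first contact. The `TofuStore` class, the host name `example.test` and the byte strings standing in for certificates are all constructed for illustration.

```python
import hashlib
import hmac

def fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint of the bytes a server presented."""
    return hashlib.sha256(cert_der).hexdigest()

class TofuStore:
    """Hypothetical pin store: host -> fingerprint accepted at first use."""
    def __init__(self):
        self.pins = {}

    def check(self, host, cert_der, known_fp=None):
        seen = fingerprint(cert_der)
        pinned = self.pins.get(host)
        if pinned is not None:
            # Later connections: only a match with the stored pin is accepted.
            return "ok" if hmac.compare_digest(pinned, seen) else "changed"
        if known_fp is None:
            # Blind first use: whatever was presented becomes the pin.
            self.pins[host] = seen
            return "pinned-unverified"
        # First use with a fingerprint obtained over a separate trusted channel.
        if not hmac.compare_digest(known_fp, seen):
            return "rejected"
        self.pins[host] = seen
        return "pinned-verified"

# Constructed stand-ins for DER certificates (not real certificates).
GENUINE = b"constructed-cert-of-the-real-server"
OTHER = b"constructed-cert-presented-by-someone-else"

def blind_first_use():
    """First contact happens to see the wrong certificate; nothing flags it."""
    store = TofuStore()
    return [store.check("example.test", c) for c in (OTHER, OTHER, GENUINE)]

def verified_first_use():
    """Same first contact, but the client already knows the real fingerprint."""
    store = TofuStore()
    fp = fingerprint(GENUINE)
    return [store.check("example.test", OTHER, fp),
            store.check("example.test", GENUINE, fp),
            store.check("example.test", GENUINE)]

if __name__ == "__main__":
    print("blind:   ", blind_first_use())
    print("verified:", verified_first_use())
```

In the blind run the wrong certificate is pinned silently and the genuine server is the one later reported as "changed"; with a known fingerprint the first connection is refused instead.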

>muh mitm
Good luck MITMing between LE servers and my cloud provider. MITM is performed near the client, not the server.
>auto renew bad
Automatic renewal is THE way to go nowadays. Manually installing certificates is a fool's errand. If your tool is not reliable enough to give you a correct certificate every time, the solution is to get a tool that works or fix it, not replace the tool with manual labor.

Operate your own CA.

Dunno what to think, it just werks.

Seems fine. I switched to them as soon as they started and I've had no issues so far. I've never used the official certbot client on my own servers, but I set it up at work. PKI is a scam and I wish there was a way to validate HTTPS through DNS (that wasn't shit like DNSSEC/DANE) or everyone just used TOFU instead, but if PKI has to exist, it's a good thing that there's free certs.

:D

um. doesn't that defeat the purpose of a trust network?

> what is a man in the middle attack?

I don't trust a website if it don't have an overpriced Symantec or Comodo certificate

Sent from my Xiaomi - Redmi Note 7

Ultra based.

what a retard

Sent from my Google - Pixel 2 XL

> The Let's Encrypt project was started in 2012 by two Mozilla employees, Josh Aas and Eric Rescorla, together with Peter Eckersley at the Electronic Frontier Foundation and J. Alex Halderman at the University of Michigan.
Why does Mozilla always fuck everything up

Your pants are not OwO

Sent from my Xiaomi - Mi 9T Pro

>I don't trust a website unless they're retarded with money