Secure Sockets Layer is deprecated and insecure and little better than null encryption.
You want at least version 1.2 of Transport Layer Security (TLS), or, better, version 1.3.
CAcert is another gratis option, but that only works for those who have imported CAcert's root certificate.
You really don't need to rely on Certificate Authorities (it's actually a bad idea, as all of them glow as bright as the sun); you can just sign your own root authority. The problem then is convincing people to install your non-glowing root authority alongside all the glowing ones they have already installed.
You cannot create your own SSL certificate and expect it to work on the internet in the browser.
There was an effort once called DANE, but it failed, so we have Let's Encrypt instead, which works well enough.
Blockchains are slowly transferring us away from all the nightmare of DNS and SSL and all that crap, so don't expect a lot of new RFCs that will allow your self-issued (not self-signed) certificates to evolve.
@FourOh-LLC
> What is the return in trying to compromise a single-user system, which has no data

Even single-user systems are quite valuable due to how all computers are now very fast and many are behind an acceptable internet connection - this is proven by how many crackers love to make botnets out of single-user systems.

> and it will be shut down by the ISP for sending out traffic under the suspicion of a DoS attack?

From an attacker's point of view, it's extremely rare for decently programmed malware to be discovered on single-user systems and even rarer for the internet connection to be cut off, as you can get away with sending a lot of things over a residential connection without anyone noticing, up to a point.
In many places in the world, ISPs artificially limit upload so severely that you couldn't reliably detect a DoS attack from such an uploader, as the upload is often maxed out during general internet usage.
Let's assume for a second that we are all dependent on the upstream, and the best we can do is maintain a safe and secure system to a practical level.
What is the return in trying to compromise a single-user system, which has no data and it will be shut down by the ISP for sending out traffic under the suspicion of a DoS attack?
I had nodes hijacked before - I was notified and I rebuilt them new, for a different purpose in less than one hour.
There is bickering about theoretical stuff, and there is everything else that is practical and predictable.