(httptoolkit.com)

596 points pimterry | 1 comments | 25 Jul 23 14:10 UTC | HN request time: 0.205s | source

Show context

superkuh ◴[25 Jul 23 14:15 UTC] No.36862573[source]▶

Google/Microsoft/Apple essentially did this with HTTP/3 too. None of their shipped browsers are able to connect to a non-"CA TLS" HTTP/3 endpoint. To host a HTTP/3 website visitable by a random normal person you have to get continued approval (every 3 months min) from a third party CA corporation for your website.

replies(2): >>36862591 #>>36863130 #

2OEH8eoCRo0 ◴[25 Jul 23 14:17 UTC] No.36862591[source]▶

>>36862573 #

What do you mean approval? You'd need a cert from an entity like Let's Encrypt?

replies(1): >>36862610 #

superkuh ◴[25 Jul 23 14:18 UTC] No.36862610[source]▶

>>36862591 #

Yep. LetsEncrypt is great but everyone centralizing in them is not so great. Normal browsers having the ability to connect to a bare HTTP endpoint in HTTP/3 would solve any problems that might arise from this centralization. It's a straightforwards and easy thing to fix for the HTTP/3 lib devs and mega-corp browsers using those libs. But no one cares about it.

replies(4): >>36862723 #>>36862727 #>>36863143 #>>36863452 #

1. detourdog ◴[25 Jul 23 15:09 UTC] No.36863452[source]▶

>>36862610 #

I think the whole changing identity all the time is the exact opposite of a human system. The type of system only a computer could love.

This seems like a such a wrong headed approach. LetsEncrypt favors constantly changing magic handshakes over long term good social behavior.

Imagine a network where machines that misbehaved were ostracised instead of being able to register certificates frequently.

I see the promise in the Fediverse as it's ability to develop reputations.

↑

Apple already shipped attestation on the web, and we barely noticed