←back to thread

Let's Encrypt is 10 years old now

(letsencrypt.org)
489 points gslin | 1 comments | 20 Nov 24 06:13 UTC | HN request time: 0.21s | source
Show context
pests ◴[20 Nov 24 07:45 UTC] No.42191619[source]
It feels like just yesterday I was paying for certs, or worst, just running without.

Can't believe its been ten years.

replies(1): >>42191666 #
ozim ◴[20 Nov 24 07:52 UTC] No.42191666[source]
Can’t believe there are still anti TLS weirdos.
replies(7): >>42191688 #>>42191718 #>>42191893 #>>42192714 #>>42192733 #>>42193057 #>>42193614 #
dijit ◴[20 Nov 24 07:58 UTC] No.42191688[source]
The digital equivalent of a local kebab shop menu does not need encryption.

The lack of understanding from us as technologists for people who would have had a working site and are now forced into either: an oligopoly of site hosting companies, or, for their site to break consistently as TLS standards rotate is one thing that brings me shame about our community.

You can come up with all kinds of reasons to gatekeep website hosting, “they have to update anyway” even when updating means reinstallion of an OS, “its not that hard to rotate” say people with deep knowledge of computers, “just get someone else to do it” say people who have a financial interest in it being that way.

Framing people with legitimate issues as weirdo’s is not as charming as you think it is.

replies(6): >>42191746 #>>42191752 #>>42191760 #>>42191778 #>>42191785 #>>42191894 #
johannes1234321 ◴[20 Nov 24 08:14 UTC] No.42191752[source]
TLS doesn't just hide the information transmitted, but also ensures the integrity. Thus nobody on the network tinkered with the prices on the menu.

Also the Kebap Shop probably has a form for reservation or ordering, which takes personal information.

True, they are all low risk things, but getting TLS is trivial (since many Webservers etc can do letsencrypt rotation fully automatically) and secure defaults are a good thing.

replies(3): >>42191784 #>>42191896 #>>42192727 #
dijit ◴[20 Nov 24 08:20 UTC] No.42191784[source]
There are plenty of websites that were just static pages used for conveying information. Most people who set them up lacked the ability to turn them into forms that connected to anything.

They’ve nearly all been lost to time now though, if a shop has a web-presence it will be through a provider such as “bokabord”, doordash, ubereats (as mentioned), some of whom charge up to 30% of anything booked/ordered via the web.

But, I guess no MITM can manipulate prices… except, by charging…

replies(2): >>42191863 #>>42191985 #
matrss ◴[20 Nov 24 08:35 UTC] No.42191863[source]
> There are plenty of websites that were just static pages used for conveying information.

If you care about the integrity of the conveyed information you need TLS. If you don't, you wouldn't have published a website in the first place.

A while back I've seen a wordpress site for a podcast without https where people also argued it doesn't need it. They had banking information for donations on that site.

Sometimes I wish every party involved in transporting packets on the internet would just mangle all unencrypted http that they see, if only to make a point...

replies(4): >>42191908 #>>42192753 #>>42192786 #>>42197635 #
eesmith ◴[20 Nov 24 11:13 UTC] No.42192786[source]
There is a specific class of websites that will always support non-TLS connections, like http://home.mcom.com/ and http://textfiles.com/ .

Like, "telnet textfiles.com 80" then "GET / HTTP/1.0", <enter>, "Location: textfile.com" <enter><enter> and you have the page.

What would be the point of making these unencrypted sites disappear?

replies(2): >>42193242 #>>42194298 #
johannes1234321 ◴[20 Nov 24 14:43 UTC] No.42194298[source]
Instead of using telnet, switch over to an TLS client.

    openssl s_client -connect news.ycombinator.com:443
and you can do the same. A simple wrapper, alias or something makes it as nice as telnet.
replies(1): >>42195931 #
1. eesmith ◴[20 Nov 24 17:02 UTC] No.42195931[source]
My goal was to demonstrate that it supported http, and did not require TLS.