HackerTrans
TopNewTrendsCommentsPastAskShowJobs

randompeach

no profile record

Submissions

ISRG (LetsEncrypt) has created two new roots [pdf]

letsencrypt.org
2 points·by randompeach·8 months ago·1 comments

Boycott IETF 127

boycott-ietf127.org
572 points·by randompeach·last year·358 comments

Hashmap implementation techniques for fun and profit

sio.mataroa.blog
2 points·by randompeach·last year·0 comments

Operation Final Exchange

finalexchange.de
2 points·by randompeach·2 years ago·0 comments

WebAuthentication PRF Extension Beta at Apple

developer.apple.com
1 points·by randompeach·2 years ago·0 comments

Servers don't like it hot

leah.is
2 points·by randompeach·2 years ago·0 comments

An Engineer's Guide to Integrating ARI into Existing Acme Clients

letsencrypt.org
2 points·by randompeach·2 years ago·1 comments

Ask HN: What should a Alternative to LetsEncrypt offer

4 points·by randompeach·2 years ago·16 comments

comments

randompeach
·8 months ago·discuss
ISRG generated two new roots a few days ago. - Root YE - Root RE
randompeach
·last year·discuss
Meerfarbig in Frankfurt.

Nikhef in Amsterdam.

Both are good options.
randompeach
·2 years ago·discuss
SMIME will become PQC as well as GPG (as of my knowledge).

SMIME will also get an ACME standard for issuing. Including a handful of CAs that will likely issue free Certificates for it.
randompeach
·2 years ago·discuss
As of my knowledge: no.
randompeach
·2 years ago·discuss
I personally find token2 really nice.
randompeach
·2 years ago·discuss
Let’s start my comment new /o\

My guess is that noting will happen for now. It’s mostly a decision that ICANN working groups have to figure out. But given the current size of the .io zone and that we already have a non existing cctld (.su for Soviet Unite), I’m pretty confident it will exist in the mid-term future.
randompeach
·2 years ago·discuss
I mean… they don’t need to care that much with 200mio€ profit.

But yes a smother signup, potentially coupled with a prepaid credit (via 3-D Secure) and or eID would be the easiest and safest solution for everyone.

Atleast if it’s clearly stated how and why that is required.
randompeach
·2 years ago·discuss
„German Family Business“ is my bet.

They have their own internal security team, that handles activation on a case by case basis. Some users need to verify at the beginning, some after a week and other do not have to verify at all.

As you can imagine, at that price point, people will abuse the sh* out of the platform. From public posts it lookalike the main indicators are: - country you provided - IP based Country - Payment method - Payment method returned country - order size - order pattern (something like spawn a server, abuse stuff, order new OR many servers at the beginning)

Sadly you just need to wait. I wish they would have other solutions. But for now that’s it :-/
randompeach
·2 years ago·discuss
I would guess that 8-10k per year without the icann / tld fees, is a good starting point.
randompeach
·2 years ago·discuss
DNS via cloudns for example is around 10ct per Zone per Month via there DDoD Protected package.

Email Infrastructure (for renewal etc.) can be acquired over different services like postmark.

Validation of contact data can be expensive too. However maybe something like nominatim could do the trick.

Another thing is infrastructure for Whois/RDAP.

Then you need standard things like Whois privacy (there is a document by icann for requirements).
randompeach
·2 years ago·discuss
Depends on the volume. But it’s mostly under the 80k required capital.

There are even some open source implementations for the backends.

Most expensive points are the required employees and the signup fees (and prepaid) for other registry’s like .xyz
randompeach
·2 years ago·discuss
age-encryption.org their project has a good documentation / standard of how age encryption works. Helped me to understand this topic better.
randompeach
·2 years ago·discuss
As in: not that google decides to remove the domain, because you did not follow the requirements thing and only as “wasn’t there something” from my side.
randompeach
·2 years ago·discuss
Hey Ehm short questions: didn’t .new have a requirement for the usage of the TLD?

e.g. example.new should forward to a website that allowed to create examples?
randompeach
·2 years ago·discuss
Non-Profit based ACME CA in Europe.

We want to establish an alternative to Let’s Encrypt that is taking the core features and values from ISRG. That’s not based on “bad US!1!”, more then a alternative would strengthen the ecosystem. This also means to create an alternative ecosystem like boulder.

The current challenges are mostly about incorporating the non-profit and structure it right. So that it’s as open as possible.

Motivation? To help shape the security landscape and bring much wanted features that are not viable for Let’s Encrypt to implement. Viable describes that boulder would require major rewrites for it to get implemented.

Specially we want to provide SMIME and .onion certificates.
randompeach
·2 years ago·discuss
For clients that support ARI, they also waived all rate limits. So thats nice.
randompeach
·2 years ago·discuss
My thing is, that a true alternative would atleast offer the same features at the same price point. I’d also a registered non profit: even better.
randompeach
·2 years ago·discuss
Buypass is based in Norway. Sadly no wildcard.

Section is based in the UK. Also no wild card.

ZeroSSL is based in Austria. But they are technically a reseller from Sectigo (using a branded intermediate.)
randompeach
·2 years ago·discuss
Fair. Yes.
randompeach
·2 years ago·discuss
Thanks forgot that point totally/o\