HackerTrans
TopNewTrendsCommentsPastAskShowJobs

charlesbarbier

no profile record

comments

charlesbarbier
·il y a 2 mois·discuss
It's sad because they can do good investigative journalism. They took the lead in the Panama Papers case, the hockey canada and Miller sex scandals, recent Indian and Chinese interference, and many more.

The problem might be that this doesn't even need investigation. It's too boring. Everything is said in the bill. They just lack technical literacy to realize the implication.
charlesbarbier
·il y a 2 mois·discuss
My guess is that the legislators are completely ignorant of the technical implication of weakening the entire chain and the media are just as ignorant.

It's actually quite defensible from their perspective. They justify it with reason they decided wire tapping was reasonable for the past decades. It's just that they don't understand the risk and implication.
charlesbarbier
·il y a 2 mois·discuss
I like toasts. Taste better than people.
charlesbarbier
·il y a 6 mois·discuss
Matter iot devices are IPv6 only.

Apple TV, Amazon Echo/eero, Google Nest are all Thread/Matter hub.

Ikea just started to selling cheap Thread devices. It will soon be mainstream to have IPv6 devices in your home network.
charlesbarbier
·il y a 7 mois·discuss
I didn't express myself well but what I meant by force is that by building a standardized to automate way manage certificate, ACME imposed itself and became mandatory.

Previously, most CA had no programmatic way to order certificate, it was all done manually.

As far as I know, the only providers with that would let you automate certificate provisioning at the time where Comodo, GlobalSign and Digicert.

They all had their own quirky API. Just to give you an idea, we ended up selecting GlobalSign at Shopify a few years before LetsEncrypt, and it was this SOAP nightmare: https://www.globalsign.com/en/repository/GlobalSign_Client_A...

At first none of them were warm at the idea of providing an ACME endpoint. I'm assuming part of it is the cost of implementing it but they probably liked the stickiness of their custom APIs too tied to million dollars contracts.

Nowadays they all implement ACME. At some point, they where effectively forced to implement it to acquire new customers and keep their existing base around because nobody would accept poorly designed custom made protocol anymore.
charlesbarbier
·il y a 7 mois·discuss
They are definitively not the most shady organization in the CA/Browser Forum.
charlesbarbier
·il y a 7 mois·discuss
Not sure if there is a point to "keep things in Europe" when it come to certificate authority.

- LetsEncrypt don't have the private key tied to your certificate - Any of the Certificate Authorities could potentially emit unauthorized certificate

Your only protection for all of these problems is HPKP. If you prefer to keep things in Europe, keep that pinned private key in Europe, but the rest doesn't matter.

That said, it's pretty nice that LetsEncrypt forced the ACME protocol on this industry. Not only it create redundancy with mostly interchangeable alternatives but before ACME, there was no way to fully automate certificate provisioning cleanly.
charlesbarbier
·il y a 7 mois·discuss
It was a red herring the entire time. At Shopify we made experiment regarding conversion between regular certs and EV before they stop being displayed and there was no significant difference. The users don't notice the absence of the fancier green lock.