HackerTrans
TopNewTrendsCommentsPastAskShowJobs

randompeach

no profile record

Submissions

ISRG (LetsEncrypt) has created two new roots [pdf]

letsencrypt.org
2 points·by randompeach·8 माह पहले·1 comments

Boycott IETF 127

boycott-ietf127.org
572 points·by randompeach·पिछला वर्ष·358 comments

Hashmap implementation techniques for fun and profit

sio.mataroa.blog
2 points·by randompeach·पिछला वर्ष·0 comments

Operation Final Exchange

finalexchange.de
2 points·by randompeach·2 वर्ष पहले·0 comments

WebAuthentication PRF Extension Beta at Apple

developer.apple.com
1 points·by randompeach·2 वर्ष पहले·0 comments

Servers don't like it hot

leah.is
2 points·by randompeach·2 वर्ष पहले·0 comments

An Engineer's Guide to Integrating ARI into Existing Acme Clients

letsencrypt.org
2 points·by randompeach·2 वर्ष पहले·1 comments

Ask HN: What should a Alternative to LetsEncrypt offer

4 points·by randompeach·2 वर्ष पहले·16 comments

comments

randompeach
·8 माह पहले·discuss
ISRG generated two new roots a few days ago. - Root YE - Root RE
randompeach
·पिछला वर्ष·discuss
Meerfarbig in Frankfurt.

Nikhef in Amsterdam.

Both are good options.
randompeach
·2 वर्ष पहले·discuss
SMIME will become PQC as well as GPG (as of my knowledge).

SMIME will also get an ACME standard for issuing. Including a handful of CAs that will likely issue free Certificates for it.
randompeach
·2 वर्ष पहले·discuss
As of my knowledge: no.
randompeach
·2 वर्ष पहले·discuss
I personally find token2 really nice.
randompeach
·2 वर्ष पहले·discuss
Let’s start my comment new /o\

My guess is that noting will happen for now. It’s mostly a decision that ICANN working groups have to figure out. But given the current size of the .io zone and that we already have a non existing cctld (.su for Soviet Unite), I’m pretty confident it will exist in the mid-term future.
randompeach
·2 वर्ष पहले·discuss
I mean… they don’t need to care that much with 200mio€ profit.

But yes a smother signup, potentially coupled with a prepaid credit (via 3-D Secure) and or eID would be the easiest and safest solution for everyone.

Atleast if it’s clearly stated how and why that is required.
randompeach
·2 वर्ष पहले·discuss
„German Family Business“ is my bet.

They have their own internal security team, that handles activation on a case by case basis. Some users need to verify at the beginning, some after a week and other do not have to verify at all.

As you can imagine, at that price point, people will abuse the sh* out of the platform. From public posts it lookalike the main indicators are: - country you provided - IP based Country - Payment method - Payment method returned country - order size - order pattern (something like spawn a server, abuse stuff, order new OR many servers at the beginning)

Sadly you just need to wait. I wish they would have other solutions. But for now that’s it :-/
randompeach
·2 वर्ष पहले·discuss
I would guess that 8-10k per year without the icann / tld fees, is a good starting point.
randompeach
·2 वर्ष पहले·discuss
DNS via cloudns for example is around 10ct per Zone per Month via there DDoD Protected package.

Email Infrastructure (for renewal etc.) can be acquired over different services like postmark.

Validation of contact data can be expensive too. However maybe something like nominatim could do the trick.

Another thing is infrastructure for Whois/RDAP.

Then you need standard things like Whois privacy (there is a document by icann for requirements).
randompeach
·2 वर्ष पहले·discuss
Depends on the volume. But it’s mostly under the 80k required capital.

There are even some open source implementations for the backends.

Most expensive points are the required employees and the signup fees (and prepaid) for other registry’s like .xyz
randompeach
·2 वर्ष पहले·discuss
age-encryption.org their project has a good documentation / standard of how age encryption works. Helped me to understand this topic better.
randompeach
·2 वर्ष पहले·discuss
As in: not that google decides to remove the domain, because you did not follow the requirements thing and only as “wasn’t there something” from my side.
randompeach
·2 वर्ष पहले·discuss
Hey Ehm short questions: didn’t .new have a requirement for the usage of the TLD?

e.g. example.new should forward to a website that allowed to create examples?
randompeach
·2 वर्ष पहले·discuss
Non-Profit based ACME CA in Europe.

We want to establish an alternative to Let’s Encrypt that is taking the core features and values from ISRG. That’s not based on “bad US!1!”, more then a alternative would strengthen the ecosystem. This also means to create an alternative ecosystem like boulder.

The current challenges are mostly about incorporating the non-profit and structure it right. So that it’s as open as possible.

Motivation? To help shape the security landscape and bring much wanted features that are not viable for Let’s Encrypt to implement. Viable describes that boulder would require major rewrites for it to get implemented.

Specially we want to provide SMIME and .onion certificates.
randompeach
·2 वर्ष पहले·discuss
For clients that support ARI, they also waived all rate limits. So thats nice.
randompeach
·2 वर्ष पहले·discuss
My thing is, that a true alternative would atleast offer the same features at the same price point. I’d also a registered non profit: even better.
randompeach
·2 वर्ष पहले·discuss
Buypass is based in Norway. Sadly no wildcard.

Section is based in the UK. Also no wild card.

ZeroSSL is based in Austria. But they are technically a reseller from Sectigo (using a branded intermediate.)
randompeach
·2 वर्ष पहले·discuss
Fair. Yes.
randompeach
·2 वर्ष पहले·discuss
Thanks forgot that point totally/o\