HackerTrans
TopNewTrendsCommentsPastAskShowJobs

randompeach

no profile record

Submissions

ISRG (LetsEncrypt) has created two new roots [pdf]

letsencrypt.org
2 points·by randompeach·8 mesi fa·1 comments

Boycott IETF 127

boycott-ietf127.org
572 points·by randompeach·anno scorso·358 comments

Hashmap implementation techniques for fun and profit

sio.mataroa.blog
2 points·by randompeach·anno scorso·0 comments

Operation Final Exchange

finalexchange.de
2 points·by randompeach·2 anni fa·0 comments

WebAuthentication PRF Extension Beta at Apple

developer.apple.com
1 points·by randompeach·2 anni fa·0 comments

Servers don't like it hot

leah.is
2 points·by randompeach·2 anni fa·0 comments

An Engineer's Guide to Integrating ARI into Existing Acme Clients

letsencrypt.org
2 points·by randompeach·2 anni fa·1 comments

Ask HN: What should a Alternative to LetsEncrypt offer

4 points·by randompeach·2 anni fa·16 comments

comments

randompeach
·8 mesi fa·discuss
ISRG generated two new roots a few days ago. - Root YE - Root RE
randompeach
·anno scorso·discuss
Meerfarbig in Frankfurt.

Nikhef in Amsterdam.

Both are good options.
randompeach
·2 anni fa·discuss
SMIME will become PQC as well as GPG (as of my knowledge).

SMIME will also get an ACME standard for issuing. Including a handful of CAs that will likely issue free Certificates for it.
randompeach
·2 anni fa·discuss
As of my knowledge: no.
randompeach
·2 anni fa·discuss
I personally find token2 really nice.
randompeach
·2 anni fa·discuss
Let’s start my comment new /o\

My guess is that noting will happen for now. It’s mostly a decision that ICANN working groups have to figure out. But given the current size of the .io zone and that we already have a non existing cctld (.su for Soviet Unite), I’m pretty confident it will exist in the mid-term future.
randompeach
·2 anni fa·discuss
I mean… they don’t need to care that much with 200mio€ profit.

But yes a smother signup, potentially coupled with a prepaid credit (via 3-D Secure) and or eID would be the easiest and safest solution for everyone.

Atleast if it’s clearly stated how and why that is required.
randompeach
·2 anni fa·discuss
„German Family Business“ is my bet.

They have their own internal security team, that handles activation on a case by case basis. Some users need to verify at the beginning, some after a week and other do not have to verify at all.

As you can imagine, at that price point, people will abuse the sh* out of the platform. From public posts it lookalike the main indicators are: - country you provided - IP based Country - Payment method - Payment method returned country - order size - order pattern (something like spawn a server, abuse stuff, order new OR many servers at the beginning)

Sadly you just need to wait. I wish they would have other solutions. But for now that’s it :-/
randompeach
·2 anni fa·discuss
I would guess that 8-10k per year without the icann / tld fees, is a good starting point.
randompeach
·2 anni fa·discuss
DNS via cloudns for example is around 10ct per Zone per Month via there DDoD Protected package.

Email Infrastructure (for renewal etc.) can be acquired over different services like postmark.

Validation of contact data can be expensive too. However maybe something like nominatim could do the trick.

Another thing is infrastructure for Whois/RDAP.

Then you need standard things like Whois privacy (there is a document by icann for requirements).
randompeach
·2 anni fa·discuss
Depends on the volume. But it’s mostly under the 80k required capital.

There are even some open source implementations for the backends.

Most expensive points are the required employees and the signup fees (and prepaid) for other registry’s like .xyz
randompeach
·2 anni fa·discuss
age-encryption.org their project has a good documentation / standard of how age encryption works. Helped me to understand this topic better.
randompeach
·2 anni fa·discuss
As in: not that google decides to remove the domain, because you did not follow the requirements thing and only as “wasn’t there something” from my side.
randompeach
·2 anni fa·discuss
Hey Ehm short questions: didn’t .new have a requirement for the usage of the TLD?

e.g. example.new should forward to a website that allowed to create examples?
randompeach
·2 anni fa·discuss
Non-Profit based ACME CA in Europe.

We want to establish an alternative to Let’s Encrypt that is taking the core features and values from ISRG. That’s not based on “bad US!1!”, more then a alternative would strengthen the ecosystem. This also means to create an alternative ecosystem like boulder.

The current challenges are mostly about incorporating the non-profit and structure it right. So that it’s as open as possible.

Motivation? To help shape the security landscape and bring much wanted features that are not viable for Let’s Encrypt to implement. Viable describes that boulder would require major rewrites for it to get implemented.

Specially we want to provide SMIME and .onion certificates.
randompeach
·2 anni fa·discuss
For clients that support ARI, they also waived all rate limits. So thats nice.
randompeach
·2 anni fa·discuss
My thing is, that a true alternative would atleast offer the same features at the same price point. I’d also a registered non profit: even better.
randompeach
·2 anni fa·discuss
Buypass is based in Norway. Sadly no wildcard.

Section is based in the UK. Also no wild card.

ZeroSSL is based in Austria. But they are technically a reseller from Sectigo (using a branded intermediate.)
randompeach
·2 anni fa·discuss
Fair. Yes.
randompeach
·2 anni fa·discuss
Thanks forgot that point totally/o\