HackerTrans
TopNewTrendsCommentsPastAskShowJobs

randompeach

no profile record

Submissions

ISRG (LetsEncrypt) has created two new roots [pdf]

letsencrypt.org
2 points·by randompeach·8개월 전·1 comments

Boycott IETF 127

boycott-ietf127.org
572 points·by randompeach·작년·358 comments

Hashmap implementation techniques for fun and profit

sio.mataroa.blog
2 points·by randompeach·작년·0 comments

Operation Final Exchange

finalexchange.de
2 points·by randompeach·2년 전·0 comments

WebAuthentication PRF Extension Beta at Apple

developer.apple.com
1 points·by randompeach·2년 전·0 comments

Servers don't like it hot

leah.is
2 points·by randompeach·2년 전·0 comments

An Engineer's Guide to Integrating ARI into Existing Acme Clients

letsencrypt.org
2 points·by randompeach·2년 전·1 comments

Ask HN: What should a Alternative to LetsEncrypt offer

4 points·by randompeach·2년 전·16 comments

comments

randompeach
·8개월 전·discuss
ISRG generated two new roots a few days ago. - Root YE - Root RE
randompeach
·작년·discuss
Meerfarbig in Frankfurt.

Nikhef in Amsterdam.

Both are good options.
randompeach
·2년 전·discuss
SMIME will become PQC as well as GPG (as of my knowledge).

SMIME will also get an ACME standard for issuing. Including a handful of CAs that will likely issue free Certificates for it.
randompeach
·2년 전·discuss
As of my knowledge: no.
randompeach
·2년 전·discuss
I personally find token2 really nice.
randompeach
·2년 전·discuss
Let’s start my comment new /o\

My guess is that noting will happen for now. It’s mostly a decision that ICANN working groups have to figure out. But given the current size of the .io zone and that we already have a non existing cctld (.su for Soviet Unite), I’m pretty confident it will exist in the mid-term future.
randompeach
·2년 전·discuss
I mean… they don’t need to care that much with 200mio€ profit.

But yes a smother signup, potentially coupled with a prepaid credit (via 3-D Secure) and or eID would be the easiest and safest solution for everyone.

Atleast if it’s clearly stated how and why that is required.
randompeach
·2년 전·discuss
„German Family Business“ is my bet.

They have their own internal security team, that handles activation on a case by case basis. Some users need to verify at the beginning, some after a week and other do not have to verify at all.

As you can imagine, at that price point, people will abuse the sh* out of the platform. From public posts it lookalike the main indicators are: - country you provided - IP based Country - Payment method - Payment method returned country - order size - order pattern (something like spawn a server, abuse stuff, order new OR many servers at the beginning)

Sadly you just need to wait. I wish they would have other solutions. But for now that’s it :-/
randompeach
·2년 전·discuss
I would guess that 8-10k per year without the icann / tld fees, is a good starting point.
randompeach
·2년 전·discuss
DNS via cloudns for example is around 10ct per Zone per Month via there DDoD Protected package.

Email Infrastructure (for renewal etc.) can be acquired over different services like postmark.

Validation of contact data can be expensive too. However maybe something like nominatim could do the trick.

Another thing is infrastructure for Whois/RDAP.

Then you need standard things like Whois privacy (there is a document by icann for requirements).
randompeach
·2년 전·discuss
Depends on the volume. But it’s mostly under the 80k required capital.

There are even some open source implementations for the backends.

Most expensive points are the required employees and the signup fees (and prepaid) for other registry’s like .xyz
randompeach
·2년 전·discuss
age-encryption.org their project has a good documentation / standard of how age encryption works. Helped me to understand this topic better.
randompeach
·2년 전·discuss
As in: not that google decides to remove the domain, because you did not follow the requirements thing and only as “wasn’t there something” from my side.
randompeach
·2년 전·discuss
Hey Ehm short questions: didn’t .new have a requirement for the usage of the TLD?

e.g. example.new should forward to a website that allowed to create examples?
randompeach
·2년 전·discuss
Non-Profit based ACME CA in Europe.

We want to establish an alternative to Let’s Encrypt that is taking the core features and values from ISRG. That’s not based on “bad US!1!”, more then a alternative would strengthen the ecosystem. This also means to create an alternative ecosystem like boulder.

The current challenges are mostly about incorporating the non-profit and structure it right. So that it’s as open as possible.

Motivation? To help shape the security landscape and bring much wanted features that are not viable for Let’s Encrypt to implement. Viable describes that boulder would require major rewrites for it to get implemented.

Specially we want to provide SMIME and .onion certificates.
randompeach
·2년 전·discuss
For clients that support ARI, they also waived all rate limits. So thats nice.
randompeach
·2년 전·discuss
My thing is, that a true alternative would atleast offer the same features at the same price point. I’d also a registered non profit: even better.
randompeach
·2년 전·discuss
Buypass is based in Norway. Sadly no wildcard.

Section is based in the UK. Also no wild card.

ZeroSSL is based in Austria. But they are technically a reseller from Sectigo (using a branded intermediate.)
randompeach
·2년 전·discuss
Fair. Yes.
randompeach
·2년 전·discuss
Thanks forgot that point totally/o\