Dude, the guy said something outputs garbage to someone that isn’t you, and asked why someone liked something because of that. You jumped through mental hoops to justify calling people names and swearing.
Did you make wisdom your dump stat or something? 🤣
You call a stranger a sociopath based on a couple of words and then proceed to display a distinct lack of empathy, disregard for social norms, and manipulative behaviour by suggesting that you being “correct” entitles you to be absurdly rude to others.
I think you should mull over your own words a little:
Professor Belvedere “Fartsparkles” Tinkletuft was once a respected lecturer at the Neverwinter Arcane Academy. His groundbreaking research into “transmogrified odoriferous manifestations” (or, as the students called it, fart magic) was dismissed as childish and “in poor taste.”
In protest, the Professor vowed to prove that flatulence is the ultimate illusion. Through alchemical experimentation, he discovered how to weaponize his digestive essence into arcane displays — clouds of glittering gas, illusionary stink beasts, and even gaseous duplicates of himself.
Now he roams the realms, performing “scientific demonstrations” and occasionally saving the world — usually by accident.
Why does your use case trump all other use cases for users on the internet?
Just because your use of HTTP doesn’t expose users to risks (technically it does to MitM) doesn’t mean users shouldn’t be warned about the risks of HTTP by their browser.
You’re annoyed at browsers, not HTTPS or CAs. There’s nothing in the specifications / RFCs saying that HTTP warnings are MUSTs.
And they’re patching in memory so enjoy giving full system permission to their tool and excluding it from your security products as this thing is architecturally similar to malware.
If clients trust the cert and add it to their store, what happens when your key is stolen? Where’s the CRL? And how is trust established with the provider of that CRL (which I assume is also self-signed and requires TOFU)? What if first contact is made with a MitM and trust is established with the actor?
With no third party trust anchor, how do you authenticate identity? You’ve got an encrypted connection but to who?
Certs on the public internet aren’t just about confidentiality and integrity, they’re about authenticity, something the author of the article doesn’t quite understand. Certificates are literally about binding identity to a key, with CAs providing a way to bootstrap trust of that binding.
There hasn’t really been a better proposed solution to this problem.
DANE/DNSSEC shifts trust from CAs to registrars, PGP Web of Trust is complex for users and adds friction to revocations, key pinning breaks catastrophically if you lose the key, DNS CAA just constrains the CA model but is still the same thing. Blockchain still has key loss issues and how do you handle disputes? Also you’re centralising things economically since the biggest miners thus dominate.
SPKI was really interesting and actually positioned that identity key bindings via certs could negate the need for CAs if binding shifted to a protocol. It didn’t get anywhere though.
Don’t get me wrong, I have my own PKI and CA at home and “self-sign” internally, but that’s fine when I can personally establish trust and authenticate, but it doesn’t internet-scale where everyone is predominately strangers.
I once bought a pack of condoms from a vending machine in a gas station bathroom and the pack had a little red devil on it that looked incredibly familiar. I kept the box but goodness knows where in the house it is.