undefined | Better HN

0 pointsicebraining10y ago0 comments

Who claims that you can't have a passively secured transport without authentication? I mean, SSL/TLS itself uses DH key exchange, which can be used for that purpose.

The problem is having secured transport against active attacks as well, and without forcing the user to know anything about the site besides its domain.

0 comments

mangeletti10y ago

The problem, which I've stated, is not that Let's Encrypt is doing something bad. It's that they have zero economic incentive to protect their brand when a subpoena comes for their private key. If you think this doesn't matter, I honestly recommend studying economics. I'm not being sarcastic at all. In fact, https://en.wikipedia.org/wiki/Economics_of_security, albeit short, is a great place to start.

j / k navigate · click thread line to collapse

0 pointsicebraining10y ago0 comments

Who claims that you can't have a passively secured transport without authentication? I mean, SSL/TLS itself uses DH key exchange, which can be used for that purpose.

The problem is having secured transport against active attacks as well, and without forcing the user to know anything about the site besides its domain.

0 comments

mangeletti10y ago

j / k navigate · click thread line to collapse