undefined | Better HN

0 pointslodovic2y ago0 comments

So rather no crypto at all?

0 comments

Currently you can get encryption if you care to configure it, so some have crypto and some don't; but if all certs are trusted, then everybody gets compromised crypto, which isn't much better than no crypto, so it's IMHO a downgrade.

8organicbits2y ago

The problem is ownership and trust roots. If you don't uniquely own a domain name then you can't get a TLS cert for it from a public CA. Private CAS still work, but are challenging.

I've been exploring private-use-only domain registration at https://www.getlocalcert.net/, which is compatible with LetsEncrypt.

j / k navigate · click thread line to collapse

0 comments

PeterisP2y ago

8organicbits2y ago

The problem is ownership and trust roots. If you don't uniquely own a domain name then you can't get a TLS cert for it from a public CA. Private CAS still work, but are challenging.

I've been exploring private-use-only domain registration at https://www.getlocalcert.net/, which is compatible with LetsEncrypt.

j / k navigate · click thread line to collapse