undefined | Better HN

0 pointsbandrami10y ago0 comments

Thank you. Demanding TLS while insisting on keeping our broken PKI alive is saying that anonymous publishing is impossible.

Just look at the stupid way browsers treat self-signed certificates: these are strictly better than plaintext, but plaintext gets no warning and self-signed certificates are warned about and in some cases actually blocked.

Similarly, one mailer (exim, I think?) on seeing an untrusted certificate would actually downgrade to plaintext. There aren't enough palms or enough faces for that.

0 comments

icebraining10y ago

Just look at the stupid way browsers treat self-signed certificates: these are strictly better than plaintext, but plaintext gets no warning and self-signed certificates are warned about and in some cases actually blocked.

Technically, yes. UI-wise, no. People have different expectations for https:// URLs, which would be broken if browsers simply accepted any self-signed cert.

No excuse for the mailer behaviour, though.

j / k navigate · click thread line to collapse