undefined | Better HN

0 pointsGoz3rr5y ago0 comments

I'm not sure if it's ironic or intentional, but I find it funny that they talk about these points while not having HTTP redirect to HTTPS on their own site, presumably because it's using a self signed certificate.

0 comments

oytis5y ago

It may have something to do with the fact that in another rant the author complains about how HTTPS makes webmasters dependent on certificate-issuing bodies.

DocTomoe5y ago

And he is not wrong about that. The HTTPS/SSL infrastructure is byzantine and less concerned with actually encrypting information, but establishing trust that whoever you as the browser are communicating with is in fact the server that you expect them to be. This is not an easy problem to solve...

For the longest time, this introduced the ecosystem to professional certification authorities, which are essentially profit-oriented organisations that gauged prices.

Let´s Encrypt made some of the situation slightly better, opening up small websites to encryption, but you are still dependent on an external CA and the goodwill of the browser manufacturer to distribute their root certificate with their browsers.

oytis5y ago

At least in Linux distributions it's up to the distro, not the browser. Not to say you can add your own root certificates you trust if you don't trust your distro. You have to trust someone eventually, that's for sure, nothing can be done here.

j / k navigate · click thread line to collapse

0 comments

oytis5y ago

It may have something to do with the fact that in another rant the author complains about how HTTPS makes webmasters dependent on certificate-issuing bodies.

DocTomoe5y ago

For the longest time, this introduced the ecosystem to professional certification authorities, which are essentially profit-oriented organisations that gauged prices.

oytis5y ago

j / k navigate · click thread line to collapse