public inbox for nncp-devel@lists.cypherpunks.ru
From: Sergey Matveev <stargrave@stargrave•org>
To: nncp-devel@lists.cypherpunks.ru
Subject: Re: Website TLS certificates
Date: Wed, 4 Aug 2021 23:16:16 +0300
Message-ID: <YQr1nH3KFkDQiL7s@stargrave.org>
In-Reply-To: <20210804185426.nfu5me4ab7ssfq7r@faeroes.freeshell.org>

*** Jonathan Lane [2021-08-04 18:54]:
>I disagree with your modeling of the threat environment.  If a government
>agency is going to interfere with a TLS CA like Let's Encrypt, the
>threat posed by that is that they can silently MITM a website like
>NNCPGo.org.  They can do that right now anyways due to plaintext HTTP.

Forgot to note that by using Let's Encrypt I explicitly allow only
(hopefully!) US/NATO to MitM the traffic. And the main question for me:
why would I want to do that? Why US? Why not China or my native country's
special forces? So the choice is: either I allow only US to MitM my
website, or allow everyone to do so. This is an easy choice for me.
Actually I am allowing more comfortable certificate pinning,
because of 1-year certificates, and authenticating with my
OpenPGP-signed trust anchor. Also all certificate hashes are kept inside
CAA DNS records on the DNSCurve servers, whose public keys are also
signed with my OpenPGP one.

-- 
Sergey Matveev (http://www.stargrave.org/)
OpenPGP: CF60 E89A 5923 1E76 E263  6422 AE1A 8109 E498 57EF

Thread overview: 12+ messages
2021-07-19 16:57 [EN] NNCP 7.4.0 release announcement Sergey Matveev
2021-07-21 18:47 ` Jonathan Lane
2021-07-21 19:13   ` John Goerzen
2021-07-21 19:32   ` Website TLS certificates Sergey Matveev
2021-08-03 15:58     ` John Goerzen
2021-08-03 18:02       ` Sergey Matveev
2021-08-04  2:46         ` John Goerzen
2021-08-04 12:51           ` Sergey Matveev
2021-08-04 18:54             ` Jonathan Lane
2021-08-04 19:24               ` Sergey Matveev
2021-08-04 20:16               ` Sergey Matveev [this message]
2021-09-02  8:59     ` Sergey Matveev