submitted by knightwarrior41 to technology 2.4 yearsDec 4, 2022 05:08:35 ago (+9/-0) (www.stripes.com)
https://www.stripes.com/theaters/us/2022-11-30/military-contractor-browsers-cut-ties-8255730.html#:~:text=Major%20web%20browsers%20moved%20Wednesday%20to%20stop%20using,reported%20its%20connections%20to%20a%20U.S.%20military%20contractor.
x0x7 0 points 2.4 years ago
CAs were a mistake to begin with. It's just a ploy to get the personal information of people who make alt-tech sites. There is nothing wrong with a self-signed signature. I shouldn't need someone to know my personal information to show cryptographically that the person publishing to a site has been the same person continuously.
It's typical problem and solution. You have a problem, man in the middle attacks. You could literally solve that problem on your own but we won't let you have a solution unless that solution solves a problem for us. We want to know who is responsible for publishing information online that we don't like. So no one can run a secure business or website unless they hand that over.
User don't need to know who is running the site they are on in most cases. But if I simply want to keep their passwords from leaking we can't have that unless everyone gives us information. CAs manufacture an unnecessary trade-off between security and anonymity. And if you dare try to buck the system and run a site with a self-sign then you get a scary red-screen of death. Danger, danger, viruses. That you wouldn't get if you ran http with no encryption at all. Improve security but not on their terms and you've just killed your website. Absolute fucking mafia.