You want @mwl@io.mwl.io

Trying to avoid belaboring that all root certificates are self-signed in #TLSMastery.

It's in there, sure. But I want to put it on every page. Along with screaming "CAs are a scam!"

1+
David Cross
Follow

@mwlucas while you are rightfully trouncing CAs, are you covering alternatives like DANE? Also do you cover being your own CA and the options for how to do it like setting up your own crl and ocsp server and ocsp stapling?

· · Amaroq · 1 · 0 · 0
You want @mwl@io.mwl.io

@david

DANE is in the DNSSEC book. Probably doing a new rev of that next.

Your own CA is a possibility. Debating that. I really want this to be a shorter book.

1
David Cross

@mwlucas if you need commands for running your own crl and ocsp servers
for your own CA, I’ve got it!

1
David Cross

@mwlucas oh. Something I forgot to mention. One thing I’ve noticed is that I’ve been noticed. I see regular probes to my ocsp server from google, microsoft, and apple

0
Sign in to participate in the conversation
Cross Family's Mastodon

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!

Resources

Developers

What is Mastodon?

mastodon.crossfamilyweb.com

More…

v3.5.2 · Privacy policy