(long thread, soon a blog post)
Thinking about setting up a little cooperative called #nerdcert. Where we use letsencrypt style certificate generation, renewals and distribution, with ACME support, but only for certificates that have EKU (Extended Key Usage) entries that go beyond serverAuth, the only thing Google will accept from mid next year 😀 Context: Thread and replies at social.wildeboer.net/@jwildebo…
reshared this
The majority of people in Washington fired by Microsoft this week are software engineers. This is reverberating through the ranks as it challenges the idea that SWEs are the most valuable class of workers that would be least likely to get cut.
Ironically, they are the easiest to replace with AI.
Kotes reshared this.
@GhostOnTheHalfShell •Are• software engineers actually being replaced by AI? I have yet to hear credible reports from the field — that is, reports from people who are neither executives nor AI vendors, and who actually understand how software gets built — of AI helping to write code with a net time/cost benefit across the whole arc to production that comes anywhere •close• to justifying the job market shrinkage we’re seeing. Most of the reports I hear amount to “it helped me learn a new thing” but “little or negative net benefit once the code has to actually •work•.” Say what you will about the future, but the •present• just ain’t there.
I tend to think AI is an excuse for the layoffs, not a reason.
![APS En ANY
UE: SAN
Za Ne RO
Ki Bt } 3% Sl
ZN DAS
Wo! 2
a) (SN
NT | __ A ASI 3
ola
Js SL we LSS . \
ARS
/ 5% \& \
Fd 3 wa
* x »
Your power is so strong that whatever you
believe comes true. You are the way you
are because that is what you believe about
yourself. Your whole reality - everything
you believe - is your creation.](https://poliverso.org/photo/preview/640/46343291 "APS En ANY
UE: SAN
Za Ne RO
Ki Bt } 3% Sl
ZN DAS
Wo! 2
a) (SN
NT | __ A ASI 3
ola
Js SL we LSS . \
ARS
/ 5% \& \
Fd 3 wa
* x »
Your power is so strong that whatever you
believe comes true. You are the way you
are because that is what you believe about
yourself. Your whole reality - everything
you believe - is your creation.")
Infortunio in porto: operaio 27enne in codice rosso
Incidente sul lavoro su una nave ormeggiata nel porto di Marina di Carrara. Un ragazzo di 27 anni è stato colpito alla schiena da una fune in tensione di grande diametro mentre stava operando sull'imbarcazione.
Sensitive content
Over 10 years ago, I began crafting a story about Kelpies and a morally grey character—Greer. In 2023, I finally brought it to life in comic form for the Pagaverse. Thank you to everyone who's supported and encouraged me along the way! 🌊✨ Here's a glimpse into 10 years of sketches and story fragments.
patreon.com/posts/128351092?ut…
Free for members
#mermay #scottishfolklore #mastoart #short comic
I shared how science survives in Ukraine — through care, not just access.
#SUPRR #OpenScience #UkraineScience
TKP-ML IB Statement On The Commemoration Of The Nakba abolitionmedia.noblogs.org/191…
TKP-ML IB Statement On The Commemoration Of The Nakba
Resistance Until Liberation: The Unfinished Return
On the 78th anniversary of the Nakba, we stand with Palestinians everywhere to shatter the silence that hides ongoing dispossession. In May 1948, more than seven hundred thousand lives were uprooted so that colonial powers could plant their flags in the Middle East. The violence of 1948 did not end with history; it echoes today in Gaza’s relentless blockade, where families endure chronic shortages of food, water, fuel, and medicine; in the West Bank, where airstrikes and sniper fire stalk children playing in the streets; and in Jenin and other refugee camps, where bulldozers raze homes by night and soldiers carry out mass arrests at dawn.We fully expose, in all its brutality, the settler-colonial Zionist ideology that legitimizes the genocide against the Palestinian people. Imperialist states arm occupation forces, spin tales of “peace” and “stability,” and look away as bombs fall on refugee tents and entire neighborhoods are flattened. Their calculated silence is part of a broader strategy of re-division, an ominous prelude to a new imperialist world war in which Palestine is but one battlefield among many. Yet their plots only bind us more tightly together in solidarity.
Our solidarity is rooted in everyday acts: workers refusing to service weapons factories, students organizing divestment campaigns on campuses, and communities hosting Palestinian artists and speakers. We bring Palestinian voices into our unions, our neighborhoods, and our classrooms, offering spaces where their stories are heard, learned, and passed on. Through these actions we make clear that the right to return is not a distant hope but a shared responsibility and collective mission.
As long as checkpoints still choke movement, blockades starve families, and imperialist powers scheme fresh carve-ups under the threat of a third world war, our solidarity will pulse through every corner of the globe. We are bound together in struggle until every Palestinian can walk home again, unhampered by colonial walls.
Long live the struggle of the Palestinian People!
Long live International Solidarity!
Free Palestine!
TKP-ML International Bureau
May 2025
Source : tkpml.com/statement-of-the-tkp…abolitionmedia.noblogs.org/?p=…
#guerrilla #iraq #kurdistan #nakba #palestine #resistance #rojava #Solidarity #syria #tikko #tkpMl
Statement of the TKP-ML International Bureau on the Commemoration of the Nakba - TKP-ML Resmi Internet Sitesi
Resistance Until Liberation: The Unfinished Return On the 78th anniversary of the Nakba, we stand with Palestinians everywhere to shatter the silence that hides ongoing [...]editor1 (TKP-ML Resmi Internet Sitesi)
“A woman is like a beer. They smell good, they look good, you’d step over your own mother just to get one.”
Who said it: Homer Simpson or Pete Hegseth? trib.al/f00kUIj
Who Said It: Homer Simpson or Pete Hegseth?
They’re both unqualified for their jobs and love to drink. Can you tell them apart?The New Republic
Fire at Kumho Tire’s Gwangju Plant in Korea Halts Production
https://www.bloomberg.com/news/articles/2025-05-17/fire-at-kumho-tire-s-gwangju-plant-in-korea-suspends-production?utm_source=flipboard&utm_medium=activitypub
Posted into Bloomberg @bloomberg-bloomberg
Transgender Coloradans receive new discrimination protections as Gov. Polis signs bill into law
Colorado law now explicitly protects transgender people from being “deadnamed” or misgendered in certain places under legislation signed into law Friday by Gov. Jared Polis.Seth Klamann (The Denver Post)
Turkey’s Celebi Says It’s Cooperating After India Revokes Clearance
https://www.bloomberg.com/news/articles/2025-05-17/celebi-says-it-s-cooperating-after-india-revokes-clearance?utm_source=flipboard&utm_medium=activitypub
Posted into Bloomberg Asia @bloomberg-asia-bloomberg
Wie die Smartphonenutzung der Eltern Kleinkinder beeinflusst
Sind Eltern viel am Handy, kann das auch deren Kindern schaden - und das mehr als den meisten bewusst ist. Eine neue Studie zeigt: Allein das Checken von Benachrichtigungen könnte einen Einfluss haben. Von Anja Braun und Emily Burkhart.
Fakt ist, dass #BigTech alles unternimmt, um die Verweilzeit in Apps zu erhöhen. Und das MIT WISSENSCHAFTLICHEN METHODEN.
Warum?
Um ihre Kaufangebote platzieren zu können.
#WirtschaftMussWachsen
#Tracking
Gesellschaftliche Auswirkungen spielen keinerlei Rolle mehr. Es geht nur noch um #GewinnMaximierung .
Und die Politik spielt seit Jahrzehnten mit.
Und dann wird berichtet, die #Wissenschaft hätte noch keine ausreichenden Ergebnisse zum Beleg der neg. Folgen.
Leider nicht das #Weltklima sondern das #Konsumklima !!!
Privater Konsum findet in der #Freizeit statt. Und der wird angeheizt #KosteEsWasEsWolle .
Aufmerksamkeit wird mit allen Mitteln auf den #Konsum gezogen.
Da wird #Aufmerksamkeit für das Wesentliche im Leben MIT WISSENSCHAFTLICHEN METHODEN abgesaugt. Und da gehören halt Kinder und die eigene psychische Gesundheit auch dazu.
#Awareness #Werbung
Wie gefährlich beim Fliegen Powerbanks im Handgepäck sind
Im Januar brach an Bord eines Airbus A321 der südkoreanischen Air Busan ein Feuer aus. Die Ursache: eine verschmorte Powerbank. Erste Airlines ziehen Konsequenzen. Was Reisende beachten müssen. Von Jens Eberl.
Inside every QA tester there are:
- Two wolves
- One wolf
- Zero wolves
- 0.5 wolves
- 2,147,483,648 wolves
- -2 wolves
- Beer wolves
- Two coyotes
- 🐺🐺
- Два волка
- '); DROP TABLE WOLVES;--
- <script>alert('Awooooo')</script>
Hypolite Petovan likes this.
reshared this
I am reliably informed by Google Shield that my site krebsonsecurity.com on Monday was the target of the biggest DDoS attack Google has ever had to deal with, clocking in at ~6.3 Tbps. This is not quite a record; apparently, an attack Cloudflare had to deal with in April is the largest known DDoS to date -- at ~6.5 Tbps.
It's been a while since we've seen a big DDoS. For reference, this one was about 10x the size of the Mirai botnet attack that launched a record DDoS against my site in 2016, knocking it offline for nearly 4 days until I got the site behind Google Sheild.
I'll know more in a bit. Below is the CF blog about their April attack.
blog.cloudflare.com/ddos-threa…
Targeted by 20.5 million DDoS attacks, up 358% year-over-year: Cloudflare’s 2025 Q1 DDoS Threat Report
DDoS attacks are surging. In 2025 Q1, Cloudflare blocked +20M attacks (a 358% YoY spike) along with 5.6 Tbps and 4.8 Bpps record-breaking attacks. And that's just the beginning. Read more in our latest DDoS Threat Report.The Cloudflare Blog
reshared this
Through the Glass
📷 Canon Elan 7e, 100mm 2.8 | 🎞️ Fuji 200 (developed in Cinestill) | 📍Minnesota Arboretum
#FilmPhotography #35mmFilm #AnalogPhotography #ShootFilm #FilmisNotDead #BelieveInFilm
#Photo #Photography #FilmPhoto #AnalogVibes #Nature #Window
#SpringVibes #BloomSeason #SoftLight #PeacefulMoment #EverydayBeauty #Stillness #Bloom #Flowers #Plants #Meditative
#Minnesota #mnastodon
Gardener shares ultimate hack for seemingly endless supply of green onions: 'Magical' - All For
Did you know you can regrow produce from lots of your kitchen scraps? One gardener showed how they are working on a never-ending supply of green onions.Gardening (All For Gardening)
ClojureScript 1.12.42
Link: clojurescript.org/news/2025-05…
Discussion: news.ycombinator.com/item?id=4…
Forse sono di quelli a cui bastano quattro ore di sonno a notte.
O forse non avrei dovuto mangiare cinese.
rag. Gustavino Bevilacqua reshared this.
A look at AI companies' lobbying push, as well as the GOP's pitch, for the amendment to ban state-level AI regulation, added to the budget reconciliation bill (Brian Merchant/Blood in the Machine)
bloodinthemachine.com/p/de-dem…
techmeme.com/250516/p34#a25051…
Behind Silicon Valley and the GOP’s united campaign to ban state AI laws
Inside the effort to de-democratize AIBrian Merchant (Blood in the Machine)
Sensitive content
The image shows a container of Klimon Cherry Bomb dairy-free ice cream. The container is placed on a white plate with an embossed floral design. The ice cream is pinkish in color, with a dusting of white powder on top, likely a cherry-flavored topping. The container is labeled "Klimon No Dairy. No Difference. Cherry Bomb Dairy Free," indicating it is a non-dairy product. A silver spoon is positioned to the left of the container. The background is slightly blurred, but it appears to be a kitchen setting with a countertop and some indistinct objects.
Provided by @altbot, generated privately and locally using Ovis2-8B
🌱 Energy used: 0.160 Wh
Pentagon’s War Itch? Talk of Direct US-Russia Clash Contradicts Trump’s Policy
Scott Ritter- There are “several plausible pathways” for the Ukraine conflict to escalate into a direct US-Russia war, claimed head of US Northern Command, who labeled Russia as one of the US'thealtworld (TheAltWorld’s Newsletter)
"Last Saturday, the White House abruptly fired Register of Copyrights Shira Perlmutter, a renowned expert with deep knowledge of the importance of copyright to authors. In her place, the White House is attempting to install an administration official with no apparent copyright expertise."
Petition to Reinstate Shira Perlmutter as Register of Copyrights
#books #booksky #writing #writersofmastodon #WritingCommunity #bookstodon @bookstodon@a.gup.pe @bookstodon@fedigroups.social
authorsguild.org/petition-to-r…
Petition to Reinstate Shira Perlmutter as Register of Copyrights - The Authors Guild
Last Saturday, the White House abruptly fired Register of Copyrights Shira Perlmutter, a renowned expert with deep knowledge of the importance of copyright to authors.The Authors Guild
Ukraine und Russland: Gespräche beendet - keine Waffenruhe in Sicht
Das erste direkte Treffen seit mehr als drei Jahren: Vertreter der Ukraine und Russlands haben sich in Istanbul getroffen - wenn auch nur kurz. Russland zeigt sich zufrieden, die Ukraine spricht von "unannehmbaren" Forderungen. Von S. Diettrich.
Das Ergebnis bedeutet vor allem: Europa bereitet sich jetzt besser intensiv auf den Kriegsfall vor.
Die Frage sollte auch sein, ob man wirklich weiter zuwartet, bis der Russe einmarschiert und sich dann wie jetzt in der Ukraine aufstellt.
Oder ob man die aktuelle Bedrohung nicht schon früher begreift und den Spuk schnell beendet, bevor der Russe auch noch mit der Ukraine gewonnene Ressourcen gegen Europa führt.
Es wird Zeit, dass die ÖRR mal was gegen die ganzen Bots tut, sie sich regelmäßig in den Kommentarspalten von Youtube tummeln.
Gerade wenn das Wort Ukraine, Zelensky oder ähnlich um Titel stehen, gibt es erstaunlich viele ÖRR Hasser, sog. Friedensstifter und AFD beführtworter dort.
Das RU Bots beschäftigt werden, um die Meinung zu beeinflussen ist bekannt - und Google wird unter Trump erst Recht nix dagegen unternehmen.
Das Ganze beschädigt unsere Gesellschaft auf Dauer.
A Cool Guide to Statistics and Data Science (ebook)
La data science spiegata ai ragazzi
reshared this
The New York Times Really Asked Ms. Rachel If She's Paid By Hamas
The New York Times Really Asked Ms. Rachel If She's Paid By Hamas | Defector
The house style of the New York Times is severely outdated. Depending on the topic, the newspaper’s purportedly impartial tone instead reads as smug, self-amused, and deeply lazy.defector.com
adhocfungus likes this.
About a year ago I was introduced to Sim Kern's video commentary on books, science fiction, culture, but most importantly... commentary on the current genocide being perpetuated by the Israeli military on Gaza.
Sometimes it is very hard to concentrate on anything else, stay informed, donating, talking about it is the least I can do, but it feels so small.
As of today, millions of children, men, women are starving due to the blockades.
#gaza #gaza_genocide #stop_gaza_genocide
Knicks beat Celtics 119-81 in Game 6 and advance to face Pacers in Eastern Conference finals
https://apnews.com/article/celtics-knicks-nba-playoffs-2025-9afe4c1f54a803bf6f33d9fd85342456?utm_source=flipboard&utm_medium=activitypub
Posted into Sports @sports-AssociatedPress
#EuropeanUnion #russiaUkraineWar
#11yrInvasionofUkraine #RussiaIsATerroristState
Buy Ukrainian Products initiative presented in Sweden
As part of a working visit to Sweden, Ukrainian Agrarian Policy and Food Minister Vitalii Koval presented the Buy Ukrainian Products initiative, which aims to support domestic agricultural producers. — Ukrinform.Ukrinform
Auston Matthews breaks through, Maple Leafs beat Panthers 2-0 to force Game 7
https://apnews.com/article/panthers-maple-leafs-score-nhl-stanley-cup-playoffs-cc5a7715171ff992f9e30062761294d3?utm_source=flipboard&utm_medium=activitypub
Posted into Sports @sports-AssociatedPress
"When Louis Prevost’s younger brother, Robert, became an overnight sensation — named the first American to lead the Catholic Church — he wasn’t privy to an essential canon of internet stardom: Scrub your social media."
Read more from Jasmine M. Green in Today's Opinions:
wapo.st/45hJCTN
Daycare didn't investigate to find out why 3 year old boys already absorbed sexism / misogyny, to have a friend who happens to be a girl?
It's not about the cat... a red herring fallacy to adults reading it, and a coping mechanism for a very lonely kid.
... it's about exclusion.
“Eons” from Library on Fire, my 3rd volume of #poetry available at nihtgengapress.com
Only 2 copies left!
Nihtgenga Press
Books, Art, and Merchandise from Author Michelle Joy Gallagher and Matt SoffeNihtgenga Press
Nothing ever burns down by itself
Every fire needs a little bit of help.
Chumbawamba - Give the Anarchist a Cigarette
youtube.com/watch?v=IW68ETGrbq…
- YouTube
Profitez des vidéos et de la musique que vous aimez, mettez en ligne des contenus originaux, et partagez-les avec vos amis, vos proches et le monde entier.youtube.com
US ambassador to NATO announced that the US will begin discussions with European allies to reduce US troops in Europe later this year. European fears about US commitment to NATO have been fueled by Hegseth's comments and Trump's threats to withdraw support from allies.
reuters.com/world/us-start-eur…
#nato
Apple says it won’t ‘take action’ on Fortnite return to the App Store yet
https://9to5mac.com/2025/05/16/apple-wont-take-action-on-fortnite-returning-to-us-app-store/?utm_source=flipboard&utm_medium=activitypub
Posted into All Stories @all-stories-9to5mac
Apple says it won't 'take action' on Fortnite return to the App Store yet - 9to5Mac
Last week, Epic Games resubmitted Fortnite to the App Store in the United States. This followed a court ruling that...Michael Burkhardt (9to5Mac)
Tori Amos, Smells Like Teen Spirit
youtube.com/watch?v=HaAI3jI7uC…
- YouTube
Profitez des vidéos et de la musique que vous aimez, mettez en ligne des contenus originaux, et partagez-les avec vos amis, vos proches et le monde entier.www.youtube.com
‘Europe Day’ hides the Nazi-fascist threat
May 9 does not mean the same for all the nations of Europe. Which could be surprising, even absurd, since the date represents the defeat…Strategic Culture Foundation
Zen Moment of the Day: Kosei-ji #zen #kyoto #japan #garden #photography #travel www.asiaimages.net/gallery-imag...
The black panther eater is in trouble again. I wonder if he will escape this one as lightly as the last time.
thaiexaminer.com/thai-news-for…
#Thailand #Corruption
#EatTheRich NotPanthers
Italian Thai boss and 16 others arrested on Thursday charged with Auditor General building deaths - Thai Examiner
Bangkok police issued arrest warrants for 17 executives, engineers and company representatives linked to the March Auditor General building collapse that killed 100. Charges include… Read More ›Joseph O' Connor (Thai Examiner)
reshared this
Wherein Greg becomes more and more unhinged…
youtube.com/watch?v=DEVupZAnAL…
- YouTube
Profitez des vidéos et de la musique que vous aimez, mettez en ligne des contenus originaux, et partagez-les avec vos amis, vos proches et le monde entier.www.youtube.com
you should listen to @pluralistic's new podcast, season 5 of CBC's Understood, titled, Who Broke The Internet?
Libya remains fractured since the 2011 uprising that toppled Muammar Gaddafi, with rival administrations and armed factions competing for power.
A protest against Libya's Government of National Unity took place in Tripoli on May 16. Senior officials, including the deputy prime minister and several ministers, resigned after the killing of a senior commander in the Stability Support Apparatus in a clash with a militia loyal to the prime minister.
english.news.cn/africa/2025051…
Protest erupts in Libya's Tripoli, senior officials resign
Protest erupts in Libya's Tripoli, senior officials resign-english.news.cn
Let's not forget the NATO bombing campaign which was the main contributor to his overthrow and the subsequent disorder.
They ruined one of the most prosperous and progressive countries in Africa... and then have the temerity to complain about Africans crossing the Mediterranean in search for a better life...
Yogthos reshared this.
GitHub - esden/stm32-kicad-lib: KiCad libraries generated from the STM32Cube database.
KiCad libraries generated from the STM32Cube database. - esden/stm32-kicad-libGitHub
Secret Service pays a visit to James Comey about the '8647' seashell threat
The U.S. Secret Service reportedly paid a visit to former Federal Bureau of Investigation Director James Comey over an image he posted on social media that many took as a threat against the president.
Secret Service agents escorted Comey to their Washington field office in Washington, D.C., on Friday for an interview, according to law enforcement sources who spoke to CNN. Comey was questioned about allegations that a message reading "8647" was a call for violence against President Donald Trump, the 47th president of the U.S.
'We are aware of the social media posts by the former FBI director, and we take rhetoric like this very seriously.'
Comey posted the image of a number of seashells arranged to spell "8647" on Thursday, but he later deleted the post and claimed that he did not intend to advocate for any political violence.
The former FBI director appeared voluntarily for the interview and was not in custody, according to the CNN report.
Secret Service spokesman Anthony Guglielmi released a statement about the incident.
“The Secret Service vigorously investigates anything that can be taken as a potential threat against our protectees,” said Guglielmi to CNN. “We are aware of the social media posts by the former FBI director, and we take rhetoric like this very seriously. Beyond that, we do not comment on protective intelligence matters.”
Department of Homeland Security Sec. Kristi Noem and current FBI Director Kash Patel issued statements saying that the Comey seashell threat would be investigated.
The president also lambasted Comey in a comment on Fox News.
"He knew exactly what that meant. A child knows what that meant. If you're the FBI director and you don't know what that meant? That meant assassination," said Trump to Bret Baier.
"And it says it loud and clear," Trump added. "Now, he wasn't very competent, but he was competent enough to know what that meant, and he did it for a reason. And he was hit so hard because people like me, and they like what's happening with our country. Our country's become respected again. And he's calling for the assassination of the president."
The term "86" has been in use for more than a century and could refer to the action of taking something off of a menu at a restaurant, but more recently it has also included killing something or someone.
Like Blaze News? Bypass the censors, sign up for our newsletters, and get stories like this direct to your inbox. Sign up here!
Sign up for the Blaze newsletter
Get the stories that matter most delivered directly to your inbox.Blaze Media
Jan Wildeboer 😷
in reply to Jan Wildeboer 😷 • • •nerdcert.eu
nerdcert.euLord Caramac the Clueless, KSC reshared this.
Jan Wildeboer 😷
in reply to Jan Wildeboer 😷 • • •Jan Wildeboer 😷
in reply to Jan Wildeboer 😷 • • •nerdcertMirror
Codeberg.orgJan Wildeboer 😷
in reply to Jan Wildeboer 😷 • • •Collecting more input on EKU (Extended Key Usage). While there are several proprietary extensions, the more logical source of EKUs is OID (1.3.6.1.5.5.7.3)
That defines 44 EKUs, of which 5 are declared to be obsolete. Now for browser communication, Google wants to reduce that list to the first entry only, id-kp-serverAuth. Any other EKU in a cert means no trust by Chrome in future.
iana.org/assignments/smi-numbe…
Structure of Management Information (SMI) Numbers (MIB Module Registrations)
www.iana.orgJan Wildeboer 😷
in reply to Jan Wildeboer 😷 • • •Jan Wildeboer 😷
in reply to Jan Wildeboer 😷 • • •Jan Wildeboer 😷
in reply to Jan Wildeboer 😷 • • •Jan Wildeboer 😷
in reply to Jan Wildeboer 😷 • • •Jan Wildeboer 😷
in reply to Jan Wildeboer 😷 • • •And now for the coop part. First the definition I use, because that is important:
"A cooperative is an autonomous association of persons united to meet common economic, social, and cultural goals. They achieve their objectives through a jointly-owned and democratically-controlled enterprise."
[1]OK. With that out of the way, let's see what this means for the CA idea behind nerdcert.
[1] single-market-economy.ec.europ…
Cooperatives
Internal Market, Industry, Entrepreneurship and SMEsJan Wildeboer 😷
in reply to Jan Wildeboer 😷 • • •There are a lot of interesting terms in the definition. It is an autonomous association (jointly-owned, not by a single person or investor) of persons (not companies) with a defined (set of) goals, a coop however acts as an enterprise (so doesn't have to be a non-profit) and is democratically controlled (transparent by definition).
This makes a coop a better fit than a foundation. In a coop people focus on building solutions, not on managing a foundation, which is a very different skillset.
Jan Wildeboer 😷
in reply to Jan Wildeboer 😷 • • •For an idea/project like nerdcert, but also more general for open source projects, the coop reflects in its construction the values I hope it can represent.
But there is a bigger advantage. The jointly-owned means that you have to create a trusted registry for owners/members. That you have to manage the money they owe the coop.
So, by accident, more or less, you have to solve the same problem for the coop that you need to solve for running a CA/PKI: KYC — Know Your Customer.
Jan Wildeboer 😷
in reply to Jan Wildeboer 😷 • • •And by solving the same problem for two tasks, you create (buzzword ;) synergy effects. Now that you have to establish proof of ownership/identity for coop owners/members, you can use all of that in the CA/PKI context too. Extended Validation certificates are suddenly in reach, more or less as a by-poduct of being a coop.
You could even run member-specific CAs as part of the goals of the coop. And reinvest. Actually make money and donate that to the FOSS projects you use. Etc.
Jan Wildeboer 😷
in reply to Jan Wildeboer 😷 • • •You could create a network of coops that each run their specific CAs and establish trust between these coops, thus growing the network.
I guess you get the idea by now. I'll take a break here to sort my thoughts, because they are overflowing and need some time to settle into coherent sentences. I hope you like the story so far 😀
Lord Caramac the Clueless, KSC reshared this.
Jeroen Massar
in reply to Jan Wildeboer 😷 • • •Jan Wildeboer 😷
in reply to Jeroen Massar • • •@jeroen It's only a problem when being accepted in the root pool is your goal ;) This whole idea started because Google has decided to un-trust all root CAs that allow more than just the authServer EKU in certificates from mid next year on. Becoming included in that club is definitely not the goal.
The consensus in the CA/PKI world seems to be anyway that for anything but browser acceptance, a private CA is the better and preferred approach. A cooperative approach to that — that's my idea.
Lord Caramac the Clueless, KSC reshared this.
Jeroen Massar
in reply to Jan Wildeboer 😷 • • •Jan Wildeboer 😷
in reply to Jeroen Massar • • •Jeroen Massar
in reply to Jan Wildeboer 😷 • • •Jan Wildeboer 😷
in reply to Jeroen Massar • • •@jeroen Here's my logic (which might be flawed, that's why I share in the open):
- For web/mail server certificates letsencrypt exists and works just fine.
- For M2M, mTLS, device certificates having more EKUs that just authServer makes a lot of sense
- Consensus in the industry is that for those use cases you should run a private CA/PKI
- That's however a big ask for many projects/groups out there
- So why not build that as a service, as a coop?
HTH (Hope This Helps)
Jeroen Massar
in reply to Jan Wildeboer 😷 • • •Can be good.... but...
A cert is mostly meaningless (untrusted) if you do not trust the CA that signed it, as then anyone could make a CA and cert and claim to be a given host.
DANE TSLA circumvents that problem by putting the "CA trust" into DNS/DNSSEC (which is not a bad way IMHO, but requires participants to use/support that...);
thus either everyone needs to trust the new CA or everyone support DANE; egg meet a hard problem (distros could sneak in a new CA)
Jeroen Massar
in reply to Jeroen Massar • • •The Sunlight CT Log
sunlight.devFilippo Valsorda
in reply to Jeroen Massar • • •@jeroen @benjojo FWIW, folks using the WebPKI for non-Web purposes has been a massive issue (since they tend to scream "noooo you will break my 1998 PoS clients if you do that and people will die" every time you try to improve things), so requiring WebPKI-only (and so serverAuth-only) hierarchies is a great thing for the security of Web users, not some abuse of power.
I don't know enough about non-Web non-mail use cases to tell if a coop-run domain validated (?) CA will make sense.
Alfred J. Kwak (audiokontor) ☕
in reply to Jan Wildeboer 😷 • • •let me check where i can help....
Jan Wildeboer 😷
in reply to Jan Wildeboer 😷 • • •nerdcert.eu
nerdcert.euFilippo Valsorda
Unknown parent • • •@jeroen @benjojo I am not making fun of anyone here, I explicitly said "I don't know enough about non-Web non-mail use cases" because I don't know enough.
I am complaining about folks using *a specific PKI designed for browsers and managed by browsers* and then asking that it comply with their non-browser requirements. But it doesn't sound like that's what you are planning, quite the opposite!
Jan Wildeboer 😷
Unknown parent • • •Filippo Valsorda
Unknown parent • • •@jeroen @benjojo Google is not stopping Let's Encrypt from doing anything. They are just requiring that the WebPKI roots they trust on behalf of their browser users only issue certificates for browsers, so they can more easily update to future browser requirements. This is good basic PKI hygiene.
Let's Encrypt decided not to spin up non-browser roots, which I respect, since they are a non-profit that can choose what they focus on.
You can make roots for other purposes.
Jan Wildeboer 😷
Unknown parent • • •Filippo Valsorda
in reply to Jan Wildeboer 😷 • • •@jeroen @benjojo It's right there, "split [...] into separate PKIs". TLS and X.509 are not browser-only, the WebPKI is.
I think this conversation has run its course, I wish you the best building the infrastructure you need!