top | item 23669459

Almad | 5 years ago

Internet starts to have 1y memory retention.

Unless refreshed by active learning, aka someone doing the refresh job.

Or unless delegating the work to large players—either the memory or the hosting.

EDIT: This feels wrong, even when done for right reasons. And I wonder whether this would fly without LE and whether this means we are officially making LE THE critical part of Internet infrastructure.

kspacewalk2|5 years ago

Websites marked "insecure" are still fully accessible.

Almad|5 years ago

Not always. You may also end up having an incompatible set of ciphers (happened to me).

"Get off my Internet lawn if you can't be up to date" is what we're saying and I just do wonder whether we haven't exchanged too much of accessibility for too little of security.

cutler|5 years ago

Not always. Sometimes the browser presents a full-page response to the effect that the site is dangerous at which point, even if it's a harmless site, the non-savvy user will leave. Blanket HTTPS/SSL + Letsencrypt is a disaster.

comex|5 years ago

On the contrary… LE is unaffected by this, since from the beginning it has enforced a much shorter certificate expiry time: 90 days. Which effectively forces you to set up automated renewals. Doing that does not require the help of "large players"; you stick certbot or another tool in your crontab, or use something like Caddy or Apache mod_md to have your web server do it by itself.

mholt|5 years ago

Fun fact: you can use Caddy to manage certificates independently of its web server, with just a few lines of config: https://caddy.community/t/using-caddy-to-keep-certificates-r...

This approach is more reliable than cron in case of failures/errors. Not only are there fewer moving parts, Caddy's error handling logic and retries are smarter than just "try again in <interval>".
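
The cron-driven renewal comex describes, combined with the retry handling mholt raises, as an added shell example (not code from the thread, certbot or Caddy): renew only when the certificate is inside a renewal window, and retry with exponential backoff instead of waiting for the next cron run. The function names, the 30-day window, the retry count and the `RETRY_BASE_DELAY` variable are assumptions.

```sh
#!/bin/sh
# Added example: renewal wrapper intended to be called from cron.
# Hypothetical usage (path is a placeholder):
#   renew_if_due /path/to/cert.pem 30 certbot renew --quiet

# cert_expires_within FILE DAYS
# Returns 0 if the certificate expires within DAYS days.
# A missing or unparsable file also returns 0, so errors lean toward renewing.
cert_expires_within() {
    # -checkend exits 0 only if the cert is still valid N seconds from now
    if openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# retry_with_backoff MAX_TRIES BASE_DELAY_SECONDS CMD [ARGS...]
# Runs CMD until it succeeds, doubling the delay after each failure.
retry_with_backoff() {
    tries=$1; delay=$2; shift 2
    n=1
    while :; do
        "$@" && return 0
        [ "$n" -ge "$tries" ] && return 1
        sleep "$delay"
        delay=$(( delay * 2 ))
        n=$(( n + 1 ))
    done
}

# renew_if_due FILE DAYS CMD [ARGS...]
# Returns 0 if nothing was due or renewal succeeded, 2 if every attempt failed.
renew_if_due() {
    cert=$1; days=$2; shift 2
    cert_expires_within "$cert" "$days" || return 0   # not due yet
    if retry_with_backoff 4 "${RETRY_BASE_DELAY:-60}" "$@"; then
        return 0
    fi
    # Non-zero exit plus stderr output lets cron mail or monitoring pick it up
    echo "renewal of $cert failed after retries" >&2
    return 2
}
```

The distinct exit status 2 is what makes a silent renewal failure visible before the certificate actually expires.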