npub1cch64exjvxqm26wqz92835l53krvw2k9mu3s804m5m0rnhmzfxpsjwf8nu (npub1cch…f8nu) npub126nsph7a2k9cd6kdr4cf0qu24ph5uv7ly25d8syfpnvk8rs5g4uqu5fq05 (npub126n…fq05)
Okay, I thought these were LE certs, looks like it's Cloudflare fronting Google Trust Services certificates (ironic) indeed. I assume Certbot is going to be used primarily in the context of acquiring LE certs.
This is still a Cloudflare problem as rightly identified, but still not a TLS problem, and it's very likely the person who set up this fake website never touched Certbot or knows who the EFF is (Cloudflare will handle certificates), so you are still misguided in where you are placing your anger for the latter half of this screed.
As for OCSP, that's news to me, and good riddance. There is no possible scenario where CRLs are more resource-intensive and more leaky/privacy-invading than OCSP ever was, even with stapling. I have advocated for CRLs in the past quite a bit and this news seems to have once again validated that stance. This is also not an LE-specific change, as Apple, Mozilla, and the whole CA/Browser Forum jumped on this change.