2024-12-27 20:27:37
>the CA/B forum and browser manufacturers only serve the interests of (and is/are sponsored by) big tech; it's all about making big money.

I mean, does it not make sense that the largest contributors to a board/forum are the largest contributors to what that board/forum is designed to manage? Do you take issue with PLC manufacturers being part of the IEC? Why should end users participate in a highly technical, standards setting forum when they can't tell an IP address from a phone number?

>One user of .bond domains wastes probably more than 10.000 Let's Encrypt certificates *PER DAY*. That means *MILLIONS PER YEAR*.

There are CA rate limits. If they're bypassed, that's on LE to solve.

>Why? Because those certs are "free" (they are for them), nobody asks questions, you obtain them instantaneously while remaining anonymous.

Good. Anonymity is paramount to the internet. If we attempt to punish abusers of services by ALSO punishing regular users by taking that away, the punishment is invalid. See: Chat Control regulations in the EU as an example of a misguided effort punishing regular users for what criminals do. https://proton.me/blog/eu-parliament-chat-control

>Again each cert for exactly one domain name. That's why I think this one party obtains at least 10,000 LE certs per day. For spammy websites.

Internet freedom trumps all concerns. Go ahead, make a spammy website. I don't care. That's the beauty of it. I also personally run a widely used service (500TB/mo bandwidth) that is completely usable without requiring registration or user data and *I am fine with it*.

>Somebody has to pay for the LE infrastructure: indirectly that's you and me, and people (or companies, hospitals etc.) robbed online in particular. Every party involved makes money from cybercrime (including Josh Aas' salary), and each of them says that preventing cybercrime is not their responsibility - guess why they'd say that.

I don't recall seeing a bill from LE, which is a free service. You continue to miss my point that the blame for cybercrime lies purely with the person committing said crime. Culpability is really only limited to provable corporate negligence in whatever platform you've set up, e.g. if you're a moron and lose your database to SQL injection.

Can Cloudflare (or Amazon) be considered negligent here? I'm not sure. There are no laws against requesting 10,000 certs a day. And there will always be more ne'er-do-wells than there will be cybersecurity professionals worth their salt because cybersecurity is treated as a business risk nowadays, and the correct answer for most C levels is "just enough" security to not get compromised because there is money to be made and risk mitigation costs money.

You should really target your efforts at that C-level fallacy there and not whatever individual grudges you seem to have picked up, because stronger enforcement and pre-emptive detection of abuse IS a worthy cause, but lashing out at technology and identity as a solution is a complete miss.

(edit: formatting)
Author Public Key: npub1sput9e2yvegra6rffnj700sj28pzuxk2nk8kde8mc9mkc277k3wq0urvh2