    Let's Encrypt Wildcard Certificates Coming in January 2018 - Page 2

    Comments

    • Cloudflare has issued Free Wildcard SSL For Sometimes now. Why people raging when LE do it.

    • bapbap Member

      @raindog308 said:
      I don't feel safe!


      You should start using condoms...
      or pills..

      Wildcard certificates will be offered free of charge via our upcoming ACME v2 API endpoint.

      I love free stuff!

    • willie Member

      bsdguy said:

      So forgive me if my patience with Mr. "crypto is my hobby"

      You are not coming across as very knowledgeable yourself. Buzzword bingo only gets you so far.

      Thanked by 1 raindog308

      #lexit spread the word.

    • yokowasis said: Cloudflare has issued Free Wildcard SSL For Sometimes now. Why people raging when LE do it.

      any source?

      We only support unsupported OS!

    • bsdguy Member

      @willie said:

      bsdguy said:

      So forgive me if my patience with Mr. "crypto is my hobby"

      You are not coming across as very knowledgeable yourself. Buzzword bingo only gets you so far.

      I don't care how I come across. That's utterly unimportant. Important is what one knows and, in this case, what actual experience one has based on actually written code, formal specifications (e.g. tla+), and formal verification (both for code and for crypto protocols).

      Just for the fun of it

      param attacker = active . (* Assume worst Dolev-Yao attacker *)
      
      free c .
      private free GID  .     
      
      fun hash/2 .(* ( GID : bitstring, bitstring) :  RndChl: bitstring - return bitstring *)
      fun senc/2 . (* (command, key) : bitstring *)
      reduc sdec(senc(x,y),y) = x.
      
      query attacker : GID . 
      query ev:ClientChallengeResponse(RC) ==> ev:ServerChallenge(RC) .
      (* implicitly but necessarily proves the client is authorized *)
      query attacker : cmd.
      
      let ProcClient =
          new cmd;    
          in(c, RC);  
          event ServerChallenge(RC) ;
          out(c, (hash(RC, GID), senc(cmd, GID)));
          event ClientChallengeResponse(RC) .
      
      let ProcServer =
          new RndChl; (* bitstring ;  128 bit random challenge *)
          out(c, RndChl);
          in(c, (ChlResp, eCmd)); 
          if hash(RndChl, GID) = ChlResp then
              event CmdRecvd(sdec(eCmd, GID))
          else 0.
      

      My favourite prime number is 42. - \forall cpu in {intel, amd, arm}: cpu->speed -= cpu->speed/100 x irandom(15, 30) | state := hacked

    • William Member, Provider
      edited July 2017

      bsdguy said: I hope the visual hints can help you to understand.

      You are aware that you do not have to use OpenSSL, right? Microsoft IIS generates certs without openssl entirely, as do a LOT of hardware appliances.

      None of these had any heartbleed issues.

      bsdguy said: How about the bloody reality that plenty MITM attacks have been successfully performed?

      Only if the attacker had control of a valid CA in the users system. No CA has ever been re-generated from only public available data and with current computing capacity this is aside of a nearly impossible random hit impossible.

      bsdguy said: LE requires one to have sufficient control over a system to run one of the "get me an LE cert" toys

      No, it does not - you can totally run the cert creation on another system and just upload the file on the webhost. Zero issue.


      I do not claim to have crypto idea overall and my math knowledge (or rather usability) is on the autism spectrum, but these points are even clear to me...

    • bsdguy Member
      edited July 2017

      @William said:
      You are aware that you do not have to use OpenSSL, right? Microsoft IIS generates certs without openssl entirely, as do a LOT of hardware appliances.

      None of these had any heartbleed issues.

      Absolutely. And while, yes, openssl is a particularly bloody one, all ssl implementations had problems at some point in time.

      Moreover and more importantly: heartbleed is but one, albeit particularly nasty and well-known problem; I mentioned it as an example.

      bsdguy said: How about the bloody reality that plenty MITM attacks have been successfully performed?

      Only if the attacker had control of a valid CA in the users system. No CA has ever been re-generated from only public available data and with current computing capacity this is aside of a nearly impossible random hit impossible.

      Wrong. See my example above with victim.com\0evil-guy.com. That is not theory, that problem existed for quite some years.

      bsdguy said: LE requires one to have sufficient control over a system to run one of the "get me an LE cert" toys

      No, it does not - you can totally run the cert creation on another system and just upload the file on the webhost. Zero issue.

      If that is true then it's even worse in that LE does not even give that minimal guarantee.

      You see, there are profound problem classes on multiple levels. I named an example above: A standard has a useful function but it's worth nothing if it isn't properly modelled and verified. And that's not my private exotic view; that's the (meanwhile and finally) well understood state of the art.

      Another example: A standard doesn't care about implementation, e.g. about how a given programming language works. This also was a concrete and long existing problem because there are subtle algorithmic differences. One implementation might (as has happened) scan a fqdn backwards and that makes sense considering how the domain name system works. Another implementation, however, might go the usual C route, namely to scan strings as char arrays and forward until \0. Exactly that was the attack vector for MITM attacks, because the CA software thought it had issued a cert for evil-guy.com while the client software saw a cert for victim.com.

      C is a major culprit anyway, i.a. because while being very widely used it is ambiguous and can not possibly be formally verified; the best one can do is to verify what a given compiler takes C to mean. And even then it's difficult.

      It is for those reasons that two things happened recently or are currently happening: a) tls 1.3 has a formal spec. (it's idiotic anyway but at least it's "properly idiotic" g) and b) tls is implemented in F star (an exotic language that allows to formally statically verify code).
      The vast majority of actually used code, however, is based on not properly specified, let alone modelled standards and on quite poor C code.

      It's simply nonsensical and untenable to call ssl or any common implementation of it "safe" or "secure".

      You want such a statement to mean something, right? You want that when XYZ is called secure then it actually is secure. But how can we call XYZ secure when its standard is not properly designed and verified and when its implementation has but some unit tests if that. What does "secure" mean then?

      My favourite prime number is 42. - \forall cpu in {intel, amd, arm}: cpu->speed -= cpu->speed/100 x irandom(15, 30) | state := hacked
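
The mismatch described in the post above, where a certificate name carrying `victim.com\0evil-guy.com` is read with C string functions, shown next to a length-aware check that rejects such a name. This is an added example, not code from the thread; `cert_name`, `naive_match`, `strict_match` and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* A name as an ASN.1 decoder delivers it: bytes plus an explicit length.
 * It is not a C string and may carry any byte value, including 0x00.
 * (Hypothetical type for this example.) */
struct cert_name {
    const unsigned char *data;
    size_t len;
};

/* Constructed sample inputs, not taken from any real certificate. */
static const unsigned char NUL_NAME[]  = "victim.com\0evil-guy.com";
static const unsigned char GOOD_NAME[] = "Victim.com";

static struct cert_name make_name(const unsigned char *bytes, size_t len)
{
    struct cert_name n = { bytes, len };
    return n;
}

/* Flawed check: treats the decoded bytes as a C string, so the comparison
 * stops at the first 0x00 and the declared length is never consulted.
 * (Relies on the buffer being terminated, as the samples above are.) */
static int naive_match(const struct cert_name *n, const char *host)
{
    return strcmp((const char *)n->data, host) == 0;
}

/* Length of the name as C string functions would see it. A value smaller
 * than n->len means two parsers can disagree about what the name is. */
static size_t c_string_view_len(const struct cert_name *n)
{
    const unsigned char *nul = memchr(n->data, 0, n->len);
    return nul ? (size_t)(nul - n->data) : n->len;
}

static int is_hostname_byte(unsigned char c)
{
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
           (c >= '0' && c <= '9') || c == '-' || c == '.';
}

static unsigned char ascii_lower(unsigned char c)
{
    return (c >= 'A' && c <= 'Z') ? (unsigned char)(c + 32) : c;
}

/* Hardened check, exact match only (wildcard handling is out of scope).
 * Returns 1 on match, 0 on mismatch, -1 if the name is malformed and the
 * certificate should be rejected outright. */
static int strict_match(const struct cert_name *n, const char *host)
{
    size_t i, host_len = strlen(host);

    if (n->len == 0 || n->len > 253)
        return -1;
    for (i = 0; i < n->len; i++)
        if (!is_hostname_byte(n->data[i]))
            return -1;              /* catches 0x00 and any other stray byte */
    if (n->len != host_len)
        return 0;
    for (i = 0; i < n->len; i++)
        if (ascii_lower(n->data[i]) != ascii_lower((unsigned char)host[i]))
            return 0;
    return 1;
}

int main(void)
{
    struct cert_name bad  = make_name(NUL_NAME, sizeof(NUL_NAME) - 1);
    struct cert_name good = make_name(GOOD_NAME, sizeof(GOOD_NAME) - 1);

    printf("declared length %zu, C-string view %zu\n",
           bad.len, c_string_view_len(&bad));
    printf("naive  check, NUL name vs victim.com:   %d\n",
           naive_match(&bad, "victim.com"));
    printf("strict check, NUL name vs victim.com:   %d\n",
           strict_match(&bad, "victim.com"));
    printf("strict check, clean name vs victim.com: %d\n",
           strict_match(&good, "victim.com"));
    return 0;
}
```

The strict check fails closed: a name with any byte outside the hostname alphabet is rejected rather than truncated or repaired.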

    • @sibaper said:

      yokowasis said: Cloudflare has issued Free Wildcard SSL For Sometimes now. Why people raging when LE do it.

      any source?

      No Source, Take my word for it. Moreover it expire years from now.

    • SplitIce Member, Provider

      @yokowasis only furthering the point SSL != Trust. But if that's to be believed it sounds like extremely bad practice. What happens when the domain changes hands some time in the next 15 years?

      Hmm... perhaps SSL certificates should be tied to domain expiration...

      X4B - DDoS Protection: Affordable Anycast DDoS protection including Layer 7 mitigation with PoPs in the US, EU and Asia.
      Latest Offer: Black Friday 2019 Offer
    • William Member, Provider

      bsdguy said: If that is true then it's even worse in that LE does not even give that minimal guarantee.

      Why? You just upload the file with the hash to the webserver which it calls then, why would there be ANY need to generate it there? This in no way degrades any security in any way.

      This is literally the same as a reverse proxy, obviously LE works behind a reverse proxy as it just passes the req for the verification file to the backend server 1:1....

      You can also use the same file based verification on MANY commercial CAs, this is not a LE unique feature and they were not the first with it either.

      bsdguy said: Exactly that was the attack vector for MITM attacks, because the CA software thought it had issued a cert for evil-guy.com while the client software saw a cert for victim.com.

      This is a CA code bug, not a security issue of TLS/SSL.

      bsdguy said: It's simply nonsensical and untenable to call ssl or any common implementation of it "safe" or "secure".

      You did in no way prove that the actual crypto is not secure, you only show things that depend on CA software used and validation issues. Severity wise this is below heartbleed entirely.

      Thanked by 1 maverickp
    • Zerpy Member

      @yokowasis said:
      Cloudflare has issued Free Wildcard SSL For Sometimes now. Why people raging when LE do it.

      Because Let's Encrypt certs is installed on your own servers and not some anti-ddos-ish / cdn-ish provider.

      So it's great news for us people that do not like CloudFlare for various reasons :-) Such as the fact they decrypt traffic on their edges.

    • jvnadr Member

      @joepie91 @bsdguy Get a room :)

      I am here occasionally nowadays, because I really prefer https://talk.lowendspirit.com . You should try it, it is fat-free, delicious with fresh ingredients combined with the deep knowledge of the old chefs!

    • yokowasis said: No Source, Take my word for it. Moreover it expire years from now

      nope that not wildcard SSL, to make sure check your Common Name, max expired date SSL is 3 year, your screenshot show too far away to future :-)

      We only support unsupported OS!

    • Zerpy Member

      @sibaper said:

      yokowasis said: No Source, Take my word for it. Moreover it expire years from now

      nope that not wildcard SSL, to make sure check your Common Name, max expired date SSL is 3 year, your screenshot show too far away to future :-)

      Edge certificates are wildcard - feel free to verify here: https://cdn-traffic.com/

      The certificate that @yokowasis shows is their origin certificates and are indeed wildcard certificates as well... but they're signed by CloudFlare and would not be validated by any decent browser anyway - but ya the edge ones are issued by Comodo, and as you can see - they put a whole lot of domains on the same cert:

      Thanked by 1 sibaper
    • Zerpy said: Edge certificates are wildcard - feel free to verify here: https://cdn-traffic.com/

      thanks for pointing that

      We only support unsupported OS!

    • joepie91 Member, Provider
      edited July 2017

      Fuckssake man, know when to cut your losses.

      @bsdguy said:
      @joepie91

      libcrypto implements pretty much all of the crypto in []ssl. Moreover libcrypto contains all that is needed for public key exchange and other vital elements for ssl/tls. One could even say that []ssl is but a library wrapper around libcrypto offering some ssl functionality ssh (and many others) doesn't need but web related stuff needs.

      No, it doesn't implement "SSL functionality". It "provides the fundamental cryptographic routines used by libssl" (source) which, you guessed it, are generic cryptographic routines that are not inherently related to SSL but happen to be used in it and are often treated as the default implementation on Linux systems.

      It's a generic cryptography library, that implements routines that are used by both SSH and SSL - but that doesn't mean that SSH "uses SSL". Perhaps a diagram will help you understand:

      While you continue to dabble in protocols theory and (rather uninformed) ssl/tls evangelization, we do have real and serious problems in the field of IT security.

      To offer just one example (that happens to currently be in the news) -> https://www.nytimes.com/2017/07/06/technology/nuclear-plant-hack-report.html

      That problem class is related to both crypto (largely being absent or primitive) and to scada being a security nightmare.

      Okay? This has absolutely zero to do with TLS whatsoever.

      Another and deeper problem class is that we have to choose between either algorithms that are well established and understood but based on only 2 security reductions, namely rsa and ecc, or rather new algorithms that unlike the current ones are supposed to be post-quantum secure but are not yet well enough understood, let alone established (e.g. lattice or hash based crypto).
      And as if that weren't frightening enough, vast bodies of security related software (like servers and browsers) are riddled with quite questionable implementations and lots of errors yet to be found, some of them fatal.

      Again, unrelated to TLS.

      You see, I shit on the protocols and standards you love to wave around. Simple reason: they are worthless unless they are a) formally verified and b) properly specified, modelled, and implemented in a verifiable way.
      Guess what: tls 1.3 is the first tls version that has at least been properly specified.

      Source please.

      Without being formally specified and modelled a protocol is but toilet paper. Besides some (laudable) security fanatics who work on implementing tls in F star (which, however, is practically quite useless) tls is implemented once more in C, a language that can not possibly be used to create verifiable code.

      No, it isn't. OpenSSL is implemented in C, not "TLS". TLS is a protocol of which many implementations exist. I don't know how many times I need to repeat this to you before the penny drops.

      So forgive me if my patience with Mr. "crypto is my hobby" is rather limited. If you really care more than a rats ass about security you should actually be happy about people like me.

      Why would I be? You're not actually arguing anything that's constructive towards improving security, you're just blathering on about your completely flawed understanding of how modern TLS stacks work, drawing conclusions from it that make absolutely no sense, and bragging about how supposedly qualified you are.

      If I care about security - which, for the record, I do, or I wouldn't be here debunking your bullshit - then the value of your contributions approximates zero. You're all talk and no substance, and making factually incorrect proclamations about current tooling isn't going to improve on that tooling.

      But, you see, patiently discussing with you and ever so slooooowly moving you towards the lights might be a laudable goal; unfortunately, however, there are medical systems, weapon systems, air control systems, nuclear systems and the like waiting to be taken out of the danger zone.

      Again, totally unrelated to TLS, and drop the arrogance. It's of zero value in a technical discussion.

    • Cloudflare has CA Certificate. We shouldn't be worried about it getting invalidated by popular browser. And I am using it myself, I have no problem whatsoever. And yeah, the certificate itself is shared. But Free Wildcard SSL is Free Wildcard SSL. It served its purpose. The only downside is you must use the orange cloudflare, otherwise it won't work.

    • Good news! At first when LE went public I didn't use it and wanted to wait and see. At the beginning my doubts were validated by some really funny incidents on sites using LE. It matured however and I now love LE. WC SSL from LE will be awesome. Won't have to bother around anymore with getting new certificates for every new domain.

      Screw you guys. I'm going home.

    • nulldev Member
      edited July 2017

      @joepie91 @bsdguy
      What's the point of all this bickering? In the end SSL/TLS may be badly implemented but your definition: "SSL certs are designed to validate that a system belongs to a legal entity" is clearly not accepted by the majority of people. It's not getting any closer either.

      Give it up man, you are fighting a losing battle here.

      Bored developer: https://nulldev.xyz/

    • @nulldev said:
      @joepie91
      What's the point of all this bickering? In the end SSL/TLS may be badly implemented but your definition: "SSL certs are designed to validate that a system belongs to a legal entity" is clearly not accepted by the majority of people. It's not getting any closer either.

      Give it up man, you are fighting a losing battle here.

      I actually agree with @joepie91 on these points, and the reason I haven't voiced my opinion is because he is making much better arguments than I ever could.

      Thanked by 1 maverickp

      I like my uptime down low and my servers all hacked. Can see me droppin' twenty-fours with a router in the rack.
      Ya like ya Switch-Ports hot and ya servers all hacked. If ya pings real high and ya networks pitch black.

    • nulldev Member
      edited July 2017

      @teamacc said:

      @nulldev said:
      @joepie91 @bsdguy
      What's the point of all this bickering? In the end SSL/TLS may be badly implemented but your definition: "SSL certs are designed to validate that a system belongs to a legal entity" is clearly not accepted by the majority of people. It's not getting any closer either.

      Give it up man, you are fighting a losing battle here.

      I actually agree with @joepie91 on these points, and the reason I haven't voiced my opinion is because he is making much better arguments than I ever could.

      Obviously some people do agree with joepie91 bsdguy but the fact that Let's Encrypt is able to do what they do is because the majority do not agree.

      Bored developer: https://nulldev.xyz/

    • @nulldev said:

      @teamacc said:

      @nulldev said:
      @joepie91
      What's the point of all this bickering? In the end SSL/TLS may be badly implemented but your definition: "SSL certs are designed to validate that a system belongs to a legal entity" is clearly not accepted by the majority of people. It's not getting any closer either.

      Give it up man, you are fighting a losing battle here.

      I actually agree with @joepie91 on these points, and the reason I haven't voiced my opinion is because he is making much better arguments than I ever could.

      Obviously some people do agree with joepie91 but the fact that Let's Encrypt is able to do what they do is because the majority do not agree.

      I do not see your point unless cloudflare is filtering out the sarcasm tags

      Thanked by 1 caracal

      I like my uptime down low and my servers all hacked. Can see me droppin' twenty-fours with a router in the rack.
      Ya like ya Switch-Ports hot and ya servers all hacked. If ya pings real high and ya networks pitch black.

    • nulldev Member
      edited July 2017

      @teamacc said:

      @nulldev said:

      @teamacc said:

      @nulldev said:
      @joepie91 @bsdguy
      What's the point of all this bickering? In the end SSL/TLS may be badly implemented but your definition: "SSL certs are designed to validate that a system belongs to a legal entity" is clearly not accepted by the majority of people. It's not getting any closer either.

      Give it up man, you are fighting a losing battle here.

      I actually agree with @joepie91 on these points, and the reason I haven't voiced my opinion is because he is making much better arguments than I ever could.

      Obviously some people do agree with joepie91 bsdguy but the fact that Let's Encrypt is able to do what they do is because the majority do not agree.

      I do not see your point unless cloudflare is filtering out the sarcasm tags

      What I'm trying to say is: "Let's Encrypt" obviously does not verify that a domain belongs to a specific legal entity before issuing a certificate for that domain. Nor does Cloudflare (who also gives out free SSL certs). Let's Encrypt is backed by several large companies and has millions of users. Same as Cloudflare.

      In conclusion, from these facts, I believe I can assume that since Let's Encrypt and Cloudflare do not verify that a domain belongs to a specific legal entity (for which they issue certificates for), they do not believe that SSL certificates should validate that a system belongs to specific legal entity. If they did, they would validate the domains with the corresponding legal entities before certificate issuance or else their certificates would be worthless.

      The fact that Let's Encrypt has been authorized to begin issuing wildcard certificates further strengthens my conclusion.

      Bored developer: https://nulldev.xyz/

    • joepie91 Member, Provider

      @nulldev said:
      @joepie91
      What's the point of all this bickering? In the end SSL/TLS may be badly implemented but your definition: "SSL certs are designed to validate that a system belongs to a legal entity" is clearly not accepted by the majority of people. It's not getting any closer either.

      Give it up man, you are fighting a losing battle here.

      Uh, you're addressing the wrong person. It's @bsdguy who claimed that "SSL certs are designed to validate that a system belongs to a legal entity". Parts of my ongoing arguments are to dispel that myth and a number of other (more dangerous) myths.

    • nulldev Member
      edited July 2017

      @joepie91 said:

      @nulldev said:
      @joepie91
      What's the point of all this bickering? In the end SSL/TLS may be badly implemented but your definition: "SSL certs are designed to validate that a system belongs to a legal entity" is clearly not accepted by the majority of people. It's not getting any closer either.

      Give it up man, you are fighting a losing battle here.

      Uh, you're addressing the wrong person. It's @bsdguy who claimed that "SSL certs are designed to validate that a system belongs to a legal entity". Parts of my ongoing arguments are to dispel that myth and a number of other (more dangerous) myths.

      Whoops, you're right. I tagged the wrong guy. It's supposed to be @bsdguy. Fail, editing previous posts to reflect this epic fail.

      Thanked by 1 joepie91

      Bored developer: https://nulldev.xyz/

    • joepie91 Member, Provider

      @nulldev said:

      @joepie91 said:

      @nulldev said:
      @joepie91
      What's the point of all this bickering? In the end SSL/TLS may be badly implemented but your definition: "SSL certs are designed to validate that a system belongs to a legal entity" is clearly not accepted by the majority of people. It's not getting any closer either.

      Give it up man, you are fighting a losing battle here.

      Uh, you're addressing the wrong person. It's @bsdguy who claimed that "SSL certs are designed to validate that a system belongs to a legal entity". Parts of my ongoing arguments are to dispel that myth and a number of other (more dangerous) myths.

      Whoops, you're right. I tagged the wrong guy. It's supposed to be @bsdguy. Fail, editing previous posts to reflect this epic fail.

      No worries, I'd imagine it's easy to lose track of people when novel-sized replies start appearing :)

      Thanked by 1 vimalware
    • bsdguy Member

      @joepie91 said:
      It's a generic cryptography library, that implements routines that are used by both SSH and SSL - but that doesn't mean that SSH "uses SSL". Perhaps a diagram will help you understand:

      $ apt-cache search libcrypto
      ...
      libssl-dev - Secure Sockets Layer toolkit - development files
      libssl-doc - Secure Sockets Layer toolkit - development documentation
      libssl1.1 - Secure Sockets Layer toolkit - shared libraries
      libssl1.0-dev - Secure Sockets Layer toolkit - development files
      libssl1.0.2 - Secure Sockets Layer toolkit - shared libraries
      r-cran-openssl - GNU R toolkit for encryption, signatures and certificates based on OpenSSL
      libssl1.0.0 - Secure Sockets Layer toolkit - shared libraries
      
      $ apt-file search libcrypto.so
      libssl-dev: /usr/lib/x86_64-linux-gnu/libcrypto.so
      libssl1.0-dev: /usr/lib/x86_64-linux-gnu/libcrypto.so
      libssl1.0.2: /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.2
      libssl1.1: /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
      

      Again, totally unrelated to TLS, and drop the arrogance. It's of zero value in a technical discussion.

      I don't see a technical discussion; you simply lack the qualification. You talk as if you were someone in security yet do not even know about tls 1.3 formal spec ... ridiculous.

      @William said:
      This is a CA code bug, not a security issue of TLS/SSL.

      Well, obviously it's not as the client side plays an important part, too.

      As for the rest: Well, good luck with theoretically "secure" ssl/tls. Here in the real world security depends on implementations.

      @all

      As the point has been reached where "the majority" and "big companies are behind it, so it must be good" are used as an argument I end that discussion for my part and wish you all good luck with LE, big companies, and the majority (btw: what's the take of insects on security? After all they are far more than we are).

      My favourite prime number is 42. - \forall cpu in {intel, amd, arm}: cpu->speed -= cpu->speed/100 x irandom(15, 30) | state := hacked

    • joepie91 Member, Provider

      [snipped apt results]

      And what is your point here, exactly? None of that output contradicts what I just explained to you - unless you're trying to imply that the package being named libssl means that it just contains libssl (which it does not, and is a Debian packaging quirk).

      Seriously, you're grasping at straws here to try and defend your claim that even a small amount of research would show is total nonsense. I've even linked you the page on the OpenSSL site that explains it.

      bsdguy said: I don't see a technical discussion; you simply lack the qualification.

      You keep going on about "qualifications", yet 1) you're continuously making provably false statements showing an extremely poor understanding of the subject matter, and 2) you've never even asked for my qualifications.

      And seriously, do you really believe that jabbering on about "qualifications" somehow makes factually wrong statements correct or vice versa? You've made a considerable pile of patently false claims, it's as simple as that. No amount of "qualifications" will change that, and if you're unable to have a technical discussion on its own merits, you're not worth the qualifications you claim to have.

      bsdguy said: You talk as if you were someone in security yet do not even know about tls 1.3 formal spec ... ridiculous.

      It has nothing to do with me knowing or not knowing things. It has to do with me expecting you to back up your claims, which you are currently failing to do. The one making the claim bears the burden of proof.

    • bsdguy Member

      @joepie91 said:

      It has nothing to do with me knowing or not knowing things. It has to do with me expecting you to back up your claims, which you are currently failing to do. The one making the claim bears the burden of proof.

      Wrong again. Obviously you lack experience in academics and engineering. Established knowledge in a professional field must not be proven but is considered to be known.

      Anyway, enjoy what you seem to consider a victory.
      I simply do 2 things: a) I'm continuing to work on sound and safe software, and b) I'm enjoying the next big bad surprise in your funny "ssl/tls/LE is great and secure" universe ;)

      My favourite prime number is 42. - \forall cpu in {intel, amd, arm}: cpu->speed -= cpu->speed/100 x irandom(15, 30) | state := hacked

    • joepie91 Member, Provider

      bsdguy said: Obviously you lack experience in academics and engineering. Established knowledge in a professional field must not be proven but is considered to be known.

      You are kidding, right? Please tell me you're kidding.

      This is just the old "that's common sense" non-argument repackaged in a more authoritative-sounding form. If it really is established knowledge, it should be trivial for you to support your claim. The fact that you refuse to do so, tells me enough.

    • So, @bsdguy decided to grab about how SSL sucks because every SSL should actually be an EV SSL, that verifies the company/organization? (I need a TL;DR)

    • WSS Member

      JESUS CHRIST GUYS JUST FUCK AND GET OVER IT. I need some attention, too.

      I won't be back until @bsdguy is released.

    • huntercop Member
      edited July 2017

      image

      note from mod: I tried to edit your post because your image was broken, but even with a proper img src tag, it doesn't work.

    • raindog308 Moderator

      luissousa said: I need a TL;DR

      1. Very soon even your toaster will have an SSL cert because now you can wildcard LE. LE certs will be EVERYWHERE. Your mother will have one. Your navel will have one. Every time you flush the toilet, you'll be flushing away SSL certs but no one will care because they're going to be like electrons now.

      2. But this also means your bank is actually a web site in Latveria run by Dr. Doom.

      3. So is LowEndTalk. Didn't check the padlock did you? Fool! I warned you all.

      4. People had sex with punctuation in this thread. Ironically, it was not with a colon. Fortunately, the punctuation was not on its period.

      5. The .fi registry has partnered with the Russian Mafia on numerous occasions to run phishing campaigns. Bastards.

      6. You should all be using libressl. (OK no one said that here but consider it a PSA about openssl, which ironically is not written by the same people who wrote open-everything-else. Man this thread is just dripping with irony.)

      7. Some people think EV certs are a big scam because they don't check that the owner is who he claims to be and is the owner of a given domain even though that's exactly what EV issuers do and in fact it's kind of a drawn-out pain in the colon (not the punctuation in this case).

      8. LE is merely a puppet, dancing to the strings of the sinister global browser mafia. We know this because there is reason to believe this.

      9. Apparently LE is unnecessary because we should all just be using our own self-signed certificates because that protects us against MITM attacks and in fact protects us better than Let's Encrypt.

      10. Some people just opt out of the reality consensus.

      11. @stefeman achieved self actualization because his greatest shitstorm dreams were realized. I hope this is just a preliminary effort because the guy's got talent.

      12. @jarland was compared to Einstein, though most of us read that as Einstein being compared to @jarland, and laughed derisively. I mean, give me a break...it's a provable fact that Einstein never wrote shell scripts, never created iptables rules, and never even installed Linux once so comparing him to @jarland is pretty laughable.

      13. @jarland personally delivered every AOL CD ever made, and long after the planet has turned into a hellish greenhouse-gas-powered flesh-melting furnace, his fingerprints will still be buried in landfills for another 20,000,000 years. He is mankind's legacy.

      14. @jarland's career has gone in a better direction since he was 16. Most of the people he deals with now can find their keyboards.

      15. Ad hominems still don't win arguments on the Internet.

      16. Discursive seppuku was observed.

      17. I told you this thread was dripping with irony.

      18. @joepie91's domain is still cryto.net

      19. ssh uses ssl, except it doesn't. Also, there was once a bug that mortals were not privy to and this makes C, browsers, and pretty much the entire Internet forever unusable.

      20. There was some scatplay talk involving protocols, but you'll have to read that part on your own because I don't feel like going there.

      21. @Cartman loves Let's Encrypt so much they're getting married. Mazel Tov, @Cartman!

      22. Opinion: the comment style pioneered by Pascal was, is, and shall always be ugly. It's Wirthless.

      23. @bsdguy is riding into the fucking danger zone.

      24. We have to replace all the C code because it's not l33t enough.

      25. Because of CloudFlare, you might think you're going to carol.host but actually be going to chuck.host. Doors have been opened and lives have been changed due to experiences like that.

      26. @WSS needs to spoon.

      27. Haribo Happy Cola gummi candies are awesome. I ate a whole bag of them while reading this thread and now I feel kind of sick but also kind of good.

      Sorry, that was too long.

      tl;dr of the tl;dr: You are not formally statically verified and hence you are scum.

      For LET support, please visit the interim support desk.

    • WSS Member

      @raindog308 let's cuddle


      I won't be back until @bsdguy is released.

    • NanoG6 Member

      @raindog308 your summary is even longer than the originals
      I only read the tl;dr of the tl;dr

    • WSS Member

      I am so totally registering bsdg.uy

      I won't be back until @bsdguy is released.

    • willie Member

      bsdguy said: I'm continuing to work on sound and safe software,

      When will we see some of it?

      #lexit spread the word.

    • @raindog308 said:

      luissousa said: I need a TL;DR

      1. Very soon even your toaster will have an SSL cert because now you can wildcard LE. LE certs will be EVERYWHERE. Your mother will have one. Your navel will have one. Every time you flush the toilet, you'll be flushing away SSL certs but no one will care because they're going to be like electrons now.

      2. But this also means your bank is actually a web site in Latveria run by Dr. Doom.

      3. So is LowEndTalk. Didn't check the padlock did you? Fool! I warned you all.

      4. People had sex with punctuation in this thread. Ironically, it was not with a colon. Fortunately, the punctuation was not on its period.

      5. The .fi registry has partnered with the Russian Mafia on numerous occasions to run phishing campaigns. Bastards.

      6. You should all be using libressl. (OK no one said that here but consider it a PSA about openssl, which ironically is not written by the same people who wrote open-everything-else. Man this thread is just dripping with irony.)

      7. Some people think EV certs are a big scam because they don't check that the owner is who he claims to be and is the owner of a given domain even though that's exactly what EV issuers do and in fact it's kind of a drawn-out pain in the colon (not the punctuation in this case).

      8. LE is merely a puppet, dancing to the strings of the sinister global browser mafia. We know this because there is reason to believe this.

      9. Apparently LE is unnecessary because we should all just be using our own self-signed certificates because that protects us against MITM attacks and in fact protects us better than Let's Encrypt.

      10. Some people just opt out of the reality consensus.

      11. @stefeman achieved self actualization because his greatest shitstorm dreams were realized. I hope this is just a preliminary effort because the guy's got talent.

      12. @jarland was compared to Einstein, though most of us read that as Einstein being compared to @jarland, and laughed derisively. I mean, give me a break...it's a provable fact that Einstein never wrote shell scripts, never created iptables rules, and never even installed Linux once so comparing him to @jarland is pretty laughable.

      13. @jarland personally delivered every AOL CD ever made, and long after the planet has turned into a hellish greenhouse-gas-powered flesh-melting furnace, his fingerprints will still be buried in landfills for another 20,000,000 years. He is mankind's legacy.

      14. @jarland's career has gone in a better direction since he was 16. Most of the people he deals with now can find their keyboards.

      15. Ad hominems still don't win arguments on the Internet.

      16. Discursive seppuku was observed.

      17. I told you this thread was dripping with irony.

      18. @joepie91's domain is still cryto.net

      19. ssh uses ssl, except it doesn't. Also, there was once a bug that mortals were not privy to and this makes C, browsers, and pretty much the entire Internet forever unusable.

      20. There was some scatplay talk involving protocols, but you'll have to read that part on your own because I don't feel like going there.

      21. @Cartman loves Let's Encrypt so much they're getting married. Mazel Tov, @Cartman!

      22. Opinion: the comment style pioneered by Pascal was, is, and shall always be ugly. It's Wirthless.

      23. @bsdguy is riding into the fucking danger zone.

      24. We have to replace all the C code because it's not l33t enough.

      25. Because of CloudFlare, you might think you're going to carol.host but actually be going to chuck.host. Doors have been opened and lives have been changed due to experiences like that.

      26. @WSS needs to spoon.

      27. Haribo Happy Cola gummi candies are awesome. I ate a whole bag of them while reading this thread and now I feel kind of sick but also kind of good.

      Sorry, that was too long.

      tl;dr of the tl;dr: You are not formally statically verified and hence you are scum.

      I really missed the Einstein and @jarland's part.

      I think we should name your new style tho! Maybe a TS;ML : too short, made it longer


    • ricardo Member
      edited July 2017

      raindog308 said: We have to replace all the C code because it's not l33t enough.

      This is true. Other languages written by the Gods are Turing complete and agree with the basic axioms of mathematics. C is written with breadsticks. The machine code it makes is 'just silly'.

      It would've been amusing to hear the logic behind the statement but I get the feeling it'll never come.

    • @WSS said:
      JESUS CHRIST GUYS JUST FUCK AND GET OVER IT. I need some attention, too.

      Agreed!
      Hey, BTW, is someone skilled enough to turn this into an "Epic LET Battles of History"-style video?

      Also, here's 3 attentions for you: attention, attention, attention


      Don't forget to like, subscribe, and comment below.
      "they just simply can't trace me down on internet because I'm using Linux." Mr_indescribable

    • germanvps Member

      that's really great

    This discussion has been closed.