#dev 2020-12-02

2020-12-02 UTC
#
jacky
tbh handling certs on a 'blockchain' is a sensible case
#
[KevinMarks]
sure, but that's what CT does and it isn't a PoW thing https://www.certificate-transparency.org/
#
[KevinMarks]
if you use https URLs you get that for free
#
mayakate[m]
proof of work
#
jacky
ah okay
#
[tantek]
precisely mayakate[m]. SSB would be a much better starting point for a bunch of that stuff.
#
@timbray
7/ Now, blockchain. There have been billions in venture investments, many proofs-of-concept and pilot projects, and an endless stream of excited press releases.
(twitter.com/_/status/963115539181654016)
#
@timbray
15/15 This kind of shit discredits my profession. It hurts people. I wish it would stop. Please help stop it.
(twitter.com/_/status/963115546236542976)
geoffo joined the channel
[tw2113_Slack_], [eddie], [chrisaldrich], [Raphael_Luckom], KartikPrabhu and dopplergange joined the channel
#
[Raphael_Luckom]
so I'm looking at the certificate transparency docs and it looks cool. Just to make sure I understand, the user-level security feature is that issued certificates will contain proof that they _have_ been submitted to the log, and thus that their existence is subject to auditing?
[snarfed] joined the channel
#
[snarfed]
[Raphael_Luckom] the security feature of CT is more for cert issuers than end users. it lets site owners notice proactively if anyone else issuers a cert under one of their domains.
#
[snarfed]
and the proof is mainly just the existence in the logs, which are signed by CAs and related parties. afaik it doesn’t have any other custom type of “proof.” (which is good.)
[tw2113_Slack_], [chrisaldrich], [jeremycherfas], swentel, [tantek] and [Rose] joined the channel
#
sknebel
browser do some degree of validation of that too afaik (since nowadays all public certs should have CT entries), but I'm not up to date on how exactly. (for a while there was a specific header for sites to opt-in, but my understanding is that it is being phased out because nowadays CT logs should be standard) but snarfed is right, the main point is "a CA can't silently create an unauthorized cert, and if we ever encounter one we can
#
sknebel
proove that it did and whack it"
schmudde, jjuran, [jgmac1106], [KevinMarks], [Ana_Rodrigues], geoffo, sebbu, ethanyoo, [arush] and [Raphael_Luckom] joined the channel
#
[Raphael_Luckom]
cool, that makes sense, thanks [snarfed] and [sknebel].
[KevinMarks], ethanyoo, KartikPrabhu, [chrisaldrich], [tantek], swentel, dopplergange, [Raphael_Luckom], [mapkyca], [schmarty], [Emma_Humphries], schmudde and [jeremycherfas] joined the channel
[asuh] joined the channel
#
@geonz
↩️ (I still haven't quite figured out what 'webmentions' are, but since I don't think I have 'articles' anywhere but my blog...)
(twitter.com/_/status/1334259776331554817)
#
[Raphael_Luckom]
Always a weird experience to dig into a "bug" and eventually discover that it was correct behavior you didn't expect rather than incorrect behavior
#
@theprincessxena
↩️ https://indieweb.org/Webmention It's basically an @-mention that works across websites instead of social media users
(twitter.com/_/status/1334260018175205380)
[tantek] joined the channel
#
@ChrisAldrich
↩️ Sue, I wrote a generally non-technical primer on them a while back. I think they could be used to some interesting effect in the OER space actually. Perhaps we ought to focus this month's #DoOO meetup on the topic? https://boffosocko.com/2020/12/02/55781967/ https://boffosocko.com/2018/07/19/webmentions-enabling-better-communication-on-the-internet-2/
(twitter.com/_/status/1334272684239163392)
[KevinMarks] and [Emma_Humphries] joined the channel