--- /dev/null
+# Certificate authority and its consequences have been a disaster for the human race
+
+>Should CA exist in 2k20?
+
+--- Me
+
+>no.
+>I don't see a problem in self-signed ceritificates for web to be
+>honest. Instead of relying on CA, browser should remember it's
+>fingerprint and warn if it was changed.
+
+--- a1batross
+
+>please add certificate chains and the insane prices from verisign or
+>such that are literally a govt-funded scam :DDDD
+
+--- caskd
+
+Ever wondered why you have to pay to secure your website? Or trust
+whatever ACME is?
+
+There are companies who got their crypto signatures hardcoded in
+browsers, so the browser automatically accepts that signature without
+asking you. And you have to ***renew*** the cert every year/3
+months/dunno. This wouldn't happen with self signed certs, since you
+don't have to renew them ever because... you made them...
+
+When you visit a website that doesn't have a certificate signed by a
+shill, you get this:
+
+<img src="shills.png" width="500"/>
+
+Browser may say that the website is insecure and shit, but it isn't:
+the connection is still **perfectly** secure between you and the
+server. Or even stronger, since self signed certs can be whatever you
+want, RSA8192, ECC512, you name it.
+
+I trust more **my friend's** signature than some random corporation,
+who got their signature *hardcoded* in browsers.
+
+## Why does this thing exist?
+
+* Corps can make money out of this
+* Monopolies, It's not that easy to get your signature hardcoded in
+ browsers.
+
+## Alternatives
+
+* What a1batross said.
+* TOFU: (Trust on first use) (What ssh prompts when you log in for
+ first time)
+* Use .onion, .i2p, .loki... Any of those works without CA and it's
+ perfectly end to end encrypted
* not run by a russian mobster
* Descentralizated
-* Built-in cryptography
+* You can enable encryption in a desktop client
+* You can setup your own server
* Does not require phone number
## xmpp advantages over Signal
* Does not require phone number (kek, a privacy oriented software
requires your phone number)
* You can trust the encryption
+* You can setup your own server
## xmpp flaws
--- /dev/null
+# posweg rocks
+
+they just run <https://posweg.es> which is just their personal website,
+they use cleg for <https://blog.posweg.es> (which is my blog software
+:p) But they're also an awesome artist:
+
+<a href="https://pbs.twimg.com/media/EVV3XrqWoAwEvPH?format=jpg">
+<img src="https://pbs.twimg.com/media/EVV3XrqWoAwEvPH?format=jpg" width=150px>
+</a>
+<a href="https://i.delegao.moe/zce9l43P.jpg">
+<img src="https://i.delegao.moe/zce9l43P.jpg" width=150px>
+</a>
+
+He also converted to Emacs recently :p
+++ /dev/null
-# posweg rocks
-
-they just run <https://posweg.es> which is just their personal website,
-they use cleg for <https://blog.posweg.es> (which is my blog software
-:p) But they're also an awesome artist:
-
-<a href="https://pbs.twimg.com/media/EVV3XrqWoAwEvPH?format=jpg">
-<img src="https://pbs.twimg.com/media/EVV3XrqWoAwEvPH?format=jpg" width=150px>
-</a>
-<a href="https://i.delegao.moe/zce9l43P.jpg">
-<img src="https://i.delegao.moe/zce9l43P.jpg" width=150px>
-</a>
-
-He also converted to Emacs recently :p
projects / kill9.git / commit
