Keeping the Internet fast and secure: introducing Merkle Tree Certificates

⁨70⁩ ⁨likes⁩

Submitted ⁨⁨3⁩ ⁨weeks⁩ ago⁩ by ⁨floofloof@lemmy.ca⁩ to ⁨technology@lemmy.world⁩

https://blog.cloudflare.com/bootstrap-mtc/

cross-posted from: lemmy.bestiver.se/post/704939

Comments

source

Comments

Sort:hotnew top

BroBot9000@lemmy.world ⁨3⁩ ⁨weeks⁩ ago
Better off not using Cloudflare if you give a shit about the internet.

source
- Sxan@piefed.zip ⁨3⁩ ⁨weeks⁩ ago
  I was going to say, if it comes from Cloudflare, no thank you.
  
  source
  - KairuByte@lemmy.dbzer0.com ⁨3⁩ ⁨weeks⁩ ago
    No, bank you!
    
    source
- tekato@lemmy.world ⁨3⁩ ⁨weeks⁩ ago
  Why is Cloudflare bad for the internet?
  
  source
  - BroBot9000@lemmy.world ⁨3⁩ ⁨weeks⁩ ago
    You want a monopoly on all web trading that can be controlled by totalitarian governments and used to censor LGBTQ+ individuals?
    
    Cause putting everything behind Cloudflare is gonna do that. Just look at the Amazon outage the other day or the M$ hosting crash today.
    
    source
    -> View More Comments
db2@lemmy.world ⁨3⁩ ⁨weeks⁩ ago
Shove it up your ass, Cloudflare.

source
cecilkorik@lemmy.ca ⁨3⁩ ⁨weeks⁩ ago
Instead of just centralizing everything with Google, let’s ALSO centralize all of that through Cloudflare too. If we centralize enough stuff onto enough different monolithic platforms it counts as decentralized, right? /s

source
- frongt@lemmy.zip ⁨3⁩ ⁨weeks⁩ ago
  
  the plan we’ve brought together with industry partners to the IETF
  
  Sounds like it’s very specifically not proprietary.
  
  source
  - fruitycoder@sh.itjust.works ⁨3⁩ ⁨weeks⁩ ago
    Centralized services are honestly mostly ran on opensource. The network effects can still be massive bottle neck for freedom for the rest of us though
    
    source
Chronographs@lemmy.zip ⁨3⁩ ⁨weeks⁩ ago
This just seems like Cloudflare testing something that the CAs will eventually be running themselves, as opposed to them trying to supplant the CAs or something.

source
mlg@lemmy.world ⁨3⁩ ⁨weeks⁩ ago
No offense but CAs still don’t support ed25519, a now 20 year old ECDSA standard that everyone uses basically everywhere else, including FIPS.

Although tbf I’m sure the NSA could yolo PKI in an “emergency” situation anyway by compromising a CA, though I don’t think that would happen unless its literally WWIII.

source
solrize@lemmy.ml ⁨3⁩ ⁨weeks⁩ ago
Is this for quantum resistance? The certificates would be pretty large and they don’t give a key agreement scheme, just signatures. They are clever but to deploy them on internet scale would take a lot of software changes in everything.

source