Comment by ptsd_isv

13 hours ago

GP: At least on business plans this is incorrect, it defaults to (last time I checked) accepting any SSL certificate including self signed from edge to origin and it’s a low friction option to enforce either valid or provided CA/PubKey certs for the same path.

Parent: those innocuous cat photos are fine in the current political climate… “First they came for the cat pic viewers, but I did not speak up…”

2 comments

ptsd_isv

Reply
nottorp  6 hours ago

Wrong metaphor though?

How does SSL on a -ing public site protect you from being arrested by miniluv?

It’s public, you want everyone to see the cat photos, that’s why you set up the site. On the contrary, SSL certs mean another party through which miniluv can track you. They prove or are supposed to prove identity not hide it.

  • ptsd_isv  7 minutes ago

    Sorry that wasn’t particularly clear, I was taking more about the general advantageous nature of normalising encryption.

    WRT to another party to track you, one of the benefits of LE is that you only need to provide proof of domain ownership (eg dns txt) so the only tie back to you is whatever information you give to the registrar that you have to provide anyway.