I couldn’t really make head or tail of it and I’m still not sure, but Google’s announcement linked to the list of incident reports that they said were being mishandled, and I picked out this one at random, and I have to say it definitely seems like they kind of have a point. Certificates were being signed with SHA-1 for about 2 years, as far as I can tell, and most of Entrust’s responses over several months of people asking them “how are you taking steps to endeavor that things like this aren’t still happening or will not happen again” was basically, thank you for concern but fuck off stop bothering me.
Web Development
Welcome to the web development community! This is a place to post, discuss, get help about, etc. anything related to web development
What is web development?
Web development is the process of creating websites or web applications
Rules/Guidelines
- Follow the programming.dev site rules
- Keep content related to web development
- If what you're posting relates to one of the related communities, crosspost it into there to help them grow
- If youre posting an article older than two years put the year it was made in brackets after the title
Related Communities
- !html@programming.dev
- !css@programming.dev
- !uiux@programming.dev
- !a11y@programming.dev
- !react@programming.dev
- !vuejs@programming.dev
- !webassembly@programming.dev
- !javascript@programming.dev
- !typescript@programming.dev
- !nodejs@programming.dev
- !astro@programming.dev
- !angular@programming.dev
- !tauri@programming.dev
- !sveltejs@programming.dev
- !pwa@programming.dev
Wormhole
Some webdev blogs
Not sure what to post in here? Want some web development related things to read?
Heres a couple blogs that have web development related content
- https://frontendfoc.us/ - [RSS]
- https://wesbos.com/blog
- https://davidwalsh.name/ - [RSS]
- https://www.nngroup.com/articles/
- https://sia.codes/posts/ - [RSS]
- https://www.smashingmagazine.com/ - [RSS]
- https://www.bennadel.com/ - [RSS]
- https://web.dev/ - [RSS]
The first report I looked at was Entrust refusing to revoke certs because their clients' manual processes would make applying reissued certificates inconvenient.
Quite fun reading, surprisingly - a mid thread revelation that they'd pulled the exact same shit 4 years ago, an attempt by Entrust to kill the issue because unattributed legal advice said they'd misreported the error. And then, just when their chutzpah seemed to be wearing everyone down, a good 'fuck you' from Apple forced them to revoke the certs after all.
I'm not surprised Google had enough & yanked their license to print money.
Seriously. Surely making certificates is one of the absolute apexes of the ratio of how much money you can make versus how much actual work you have to do; in what world did they manage to be sufficiently massive cockheads as to screw that ticket up?