#Acme

TechnoTenshi

NGINX releases preview of native ACME protocol support via new Rust-based module, enabling direct SSL/TLS certificate issuance and renewal from configuration without external tools like Certbot, aiming to simplify management and improve security.

https://blog.nginx.org/blog/native-support-for-acme-protocol

#nginx #acme #ssl #infosec

House Panther

#acme #oldskool

gyptazy

Am I really the only one who uses 24hrs long living certificates which get automatically renewed and signed by an own CA via ACME?

#ssl #tls #dane #acme #certificate #certificateauthority #ca

Stefan Eissing

Apache ACME (mod_md) with ARI support:
https://github.com/icing/mod_md/tree/v2.6.0?tab=readme-ov-file#acme-ari

#apache #acme

https://github.com/icing/mod_md/releases/tag/v2.6.0

gyptazy

Building Your Own PKI with Step-CA – From Root CA to Proxmox Integration with ACME!

In this #HowTo we create an own, decentralized PKI with #stepca, enable #ACME and integrate a #Proxmox node to obtain a certificate.

#proxmox #stepca #opensource #howto #homelab #enterprise #pki #security #decentralized #x509 #certificates

https://gyptazy.com/building-your-own-pki-with-step-ca-from-root-ca-to-proxmox-integration-with-acme/

Stéphane Bortzmeyer

RFC 9799: ACME Extensions for ".onion" Domain Names

The #ACME protocol makes it possible to automate the process of creating and renewing #certificates usable, for example, for TLS. The extension standardized in this new #RFC makes it possible to obtain certificates for a service using the .onion of #Tor. If you want to go on television saying "I obtained a certificate for the Dark Web", this RFC is the right read.

https://www.bortzmeyer.org/9799.html

House Panther

@Some_Emo_Chick Wile E. Coyote holding up his infamous #Acme catalog! 😹

caoimhín o'cuilleain

Desert chicken is the proper name.

#roadrunner #acme #birds #birdsofmastodon

ivy

yet another ACME client, based on uacme: https://github.com/llfw/lfacme

good:
+ uses uacme and POSIX /bin/sh
+ better configuration/hook system than dehydrated
+ comes with manpages
+ small and simple
+ supports Kerberized dns-01 domain validation

bad:
- only supports Kerberized dns-01 domain validation (but this could be improved)
- only tested on FreeBSD (but this could be improved too)

/cc @_bapt_

#freebsd #letsencrypt #acme

Aral Balkan

Just requested that Auto Encrypt¹ is added to the list of @letsencrypt clients for Node.js and that Kitten² is added to the list of projects that integrate Let’s Encrypt support:

• https://github.com/letsencrypt/website/pull/1921
• https://github.com/letsencrypt/website/pull/1922

I originally requested that Auto Encrypt and Site.js (the precursor to Kitten, now sunset) be added to the list in 2021. It was not approved (no reason given), so hopefully this time will be different.

https://github.com/letsencrypt/website/pull/1203

¹ https://codeberg.org/small-tech/auto-encrypt
² https://kitten.small-web.org

#SmallWeb #SmallTech #AutoEncrypt #Kitten #LetsEncrypt #NodeJS #ACME

Raven

Caddy Web Server 2.10 released with encrypted ClientHello (ECH) support, post-quantum key exchange, ACME profiles, libdns 1.0 APIs, global DNS config

https://github.com/caddyserver/caddy/releases/tag/v2.10.0

#caddyserver #caddyreverseproxy #webserver #reverseproxy #acme #postquantumcryptography

Tomáš

Hi, consider supporting my fediverse-exclusive content work. You can give me money or buy something!

https://analognowhere.com/support
https://analognowhere.redbubble.com

Thank you.

#unix_surrealism #acme #9front #rabbit #support

Chimmie Firefly 💙💜🤍

Lately my gf told me about Buypass ACME as an EU alternative to the US Let's Encrypt. Does any of you have experience with them?

#acme #security #networking

So after listening to your feedback, I agree: let’s spend that money in the EU to create a publicly-owned, free and open ACME-compatible certificate authority.

See post quoted below, with links to Tom’s work as he’s already been thinking/working on this.

#EU #ACME #TLS #security #LetsEncrypt #technologyCommons #SmallTech mamot.fr/@tdelmas/114224564125

Tom (@tdelmas@mamot.fr), on Mamot - Le Mastodon de La Quadrature du Net:

@aral@mastodon.ar.al Or let's use the protocol they created - ACME - to create more independent CA, EU-based! https://github.com/tdelmas/Let-s-Clone

Fsck the government: "Automating certificate management by the government on the basis of ACME makes obtaining, renewing and revoking TLS certificates more efficient and more reliable. This makes the digital government more reliable, more agile and less vendor-dependent," according to the experts. "In addition, the use of ACME reduces the administrative burden of managing TLS certificates."
security.nl/posting/876900/ACM.

At a time when citizens must authenticate online with ever higher assurance (among other things for online age verification and soon with eIDs such as EDIW/EUDIW), and anonymous fake websites are springing up like mushrooms (*), this is an *INSANE* plan.

(*) With BigTech putting nothing whatsoever in their way - on the contrary: complicity in cybercrime has become their business model.

The big risk here is AitM (Attacker in the Middle) attacks: unsuspecting people are sent, via a message or a Google search result, to a fake website that asks them, for example, to upload a scan of their passport and to record a selfie video.

The fake website, however, forwards both to a real website, such as a bank's, for example to take out a loan. The AitM withdraws that money, after which the victim is left with the debt.

An ESSENTIAL condition for reliable authentication is that you can trust the VERIFIER.

Whether that is the case, you never know for sure (not offline either). The best alternative is that you know *WHO* the verifier is, and how reliably their identity has been established. That is, without question, annoying and costly for owners of websites where customers, citizens or patients carry out risky transactions and/or exchange confidential data with them - but hugely in the interest of visitors to such websites.

Reliable authentication of the (legally liable) owner of a website by means of a website certificate poses no *technical* problem whatsoever (we already *had* this, but it was demolished by Google with an excuse).

Free certificates, for example from Let's Encrypt (as used by the fake websites in the picture below), contain only a completely anonymous domain name; so you have no idea who is responsible for the website.

Especially with government websites it is essential that you know it really is a government website - something that, for the domain names shown in the picture (I have replaced the dot with +), such as:

• afhandelen-belasting+com
• aflossen-belastingdienst+com

is definitely *not* the case.

And at the real ggn.nl/contact/phishing/ you can see examples of domain names of fake websites, as can also be seen in the picture below.

Apparently nobody manages to take such criminal websites offline, while the criminals *keep* obtaining Let's Encrypt certificates for them without any problem - besides the fact that the domain names reeking of phishing are rented out without batting an eyelid and are never revoked. This is simply the FASTEST and CHEAPEST solution for owners of websites; the *VISITORS* of those websites bear all the risks.

The picture below is from a Russian server, but you also find this kind of phishing website in abundance on servers rented by criminals from Google, Amazon, Microsoft, Digital Ocean, Cloudflare and smaller Western hosting companies.

Am I REALLY THE ONLY ONE who thinks this criminalized mess must be tackled hard?

See my detailed response in security.nl/posting/876914 (starting with a simple explanation of what a website certificate is).

NB: besides certificate issuers, browsers and the CA/B Forum also need an overhaul. If we don't do all of this, further digitalization will become a gigantic mess with more and more victims of identity fraud.