this post was submitted on 02 Jul 2024
15 points (94.1% liked)

Web Development

3434 readers
1 users here now

Welcome to the web development community! This is a place to post, discuss, get help about, etc. anything related to web development

What is web development?

Web development is the process of creating websites or web applications

Rules/Guidelines

Related Communities

Wormhole

Some webdev blogsNot sure what to post in here? Want some web development related things to read?

Heres a couple blogs that have web development related content

CreditsIcon base by Delapouite under CC BY 3.0 with modifications to add a gradient

founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] mozz@mbin.grits.dev 13 points 4 months ago* (last edited 4 months ago) (1 children)

I couldn’t really make head or tail of it and I’m still not sure, but Google’s announcement linked to the list of incident reports that they said were being mishandled, and I picked out this one at random, and I have to say it definitely seems like they kind of have a point. Certificates were being signed with SHA-1 for about 2 years, as far as I can tell, and most of Entrust’s responses over several months of people asking them “how are you taking steps to endeavor that things like this aren’t still happening or will not happen again” was basically, thank you for concern but fuck off stop bothering me.

[–] ms264556@beehaw.org 2 points 4 months ago (1 children)

The first report I looked at was Entrust refusing to revoke certs because their clients' manual processes would make applying reissued certificates inconvenient.

Quite fun reading, surprisingly - a mid thread revelation that they'd pulled the exact same shit 4 years ago, an attempt by Entrust to kill the issue because unattributed legal advice said they'd misreported the error. And then, just when their chutzpah seemed to be wearing everyone down, a good 'fuck you' from Apple forced them to revoke the certs after all.

I'm not surprised Google had enough & yanked their license to print money.

[–] mozz@mbin.grits.dev 5 points 4 months ago* (last edited 4 months ago)

Seriously. Surely making certificates is one of the absolute apexes of the ratio of how much money you can make versus how much actual work you have to do; in what world did they manage to be sufficiently massive cockheads as to screw that ticket up?