[-] ChosonAdmin@lemmygrad.ml 6 points 1 year ago

Yes, starting a CA just for DPRK/Russian/other US-sanctioned sites wouldn't work, but having a large enough CA would make it impossible for Google/Mozilla/Microsoft to say no to the inclusion.

As Let's Encrypt (and the Internet Security Research Group) have been pushing HTTPS the most, I think we should apply pressure to them to relocate to a country that allows them to issue TLS certificates to websites based in US-sanctioned countries. As the ISRG is currently based in the US, I don't think they can currently bypass those US sanctions despite them wanting to be as politically neutral as possible.

21

HTTPS is becoming increasingly important for every website out there on the internet and even on intranet sites. As HTTPS prevents eavesdropping and MiTM attacks. All major browsers discourage visiting HTTP-only websites and there are multiple initiatives to issue TLS/SSL certificates needed for HTTPS to as many websites as possible..... except to websites based in US-sanctioned countries.

The prime example of excluded from the secure internet due to US sanctions is the DPRK. While the China-based DPRK website Uriminzokkiri has a valid TLS/SSL certificate, all DPRK-based websites such as Naenara, KCNA, Voice of Korea and Rodong Sinmun do not have access to any kind of TLS/SSL certificate.

What do we do? Try to take action via our US-based comrades? Try to start our own CA?

[-] ChosonAdmin@lemmygrad.ml 2 points 1 year ago* (last edited 1 year ago)

As a techie, I believe automation is good, but it's being utilized against the workers instead of helping the workers. While the moral thing to do as an employer would be keeping an employee who automates and documents tasks, employers with their regular lack of morals usually get rid of the worker to have a worker with a smaller salary study that documentation and continue the same work but with less pay. This "utilize and dispose" strategy only hinders the workers' motivation to document and automate systems.

1

As the title states, this is a thread to converse about Open Source hardware without any NSA, FSB or Chinese backdoors. What options might we have in the future and what options are available at the moment that are fully auditable against government-imposed backdoors?

ChosonAdmin

joined 2 years ago