This type of thing is my number one objection to Certificate Authorities.

In fact, it's my objection to computation illiteracy being acceptable in general amongst users. Devs and agencies cannot be trusted not to screw with things. If the average Joe cannot understand what is going on behind the curtains, they aren't free.

Freedom is a scary thing to many groups, and unfortunately, more and more we are seeing the pendulum swing further and further away from the Internet's original intent: to facilitate the fast and open communication of information. I want to say free and open, but unfortunately I have trouble being able to maintain that level of idealism anymore.

It’s a sign of trouble, but I’m not sure it’s really “further” trouble, all it takes is for them to get a cert from Let’s Encrypt and call it a day. I’m surprised they weren’t using LE to begin with actually - since LE is available, why would you ever pay for another CA (excluding EV certificates)?

Only one of the domain/wildcard pairs listed in Sci-Hub's certificate actually works for me right now. It's probable the certificate was revoked not because some publisher threatened legal action against Comodo, but because Sci-Hub no longer controls some of the domains listed in their certificate. If this is the case then they would be able to get a new certificate for free with those names removed.

I wouldn't go rushing to blame Comodo for kowtowing to publishers' demands until Alexandra tells us that's what actually happened...

This is exactly what I said would happen when Google started making all of us use HTTPS.

http://sci-hub.tw working here (Safari, MacOS) Sunday 8am in CA.

The onion domain should be fine because tor has it's own encryption/verification scheme built into their DNS. The domain is the public key (a derivative of it) and the private key is used to sign data.

Also, http://scihub22266oqcxt.onion/ is down. And there's no mention of an onion link on the Sci-Hub website. I wonder what's up.

crt.sh reports it was revoked on the 26th: https://crt.sh/?id=274083328

Related: https://news.ycombinator.com/item?id=16938593

Edit: The author registered Stripe Inc. in a different state than the payment processor and acquired an EV cert which got revoked.

Max Weber wrote the government has a monopoly on the legitimate use of force while arguing that we trade safety for freedom to build modern societies.

Going forward the ability to trust information will matter as much as physical safety. We're starting to build institutions that regulate that for us, CAs are one of the first.

Depending on where you stand this is either a success or a failure of institutional trust.

What's there to stop them self signing their cert and allowing everyone interested to add it to their certificate store?

It probably depends on what domain youre using.

COMODO has revoked their certificate, probably under a court order.

You can temporarily work around this by disabling 'Query OCSP responder servers to confirm the current validity of certificates' under Privacy & Security in Firefox.

I'm a little confused.

Setting aside the legal/ethical underpinnings..

Is the issue here that people are worried that an SA can revoke a cert or that it will be harder for the layperson to get to this particular site?

shouldnt we be using some trustless system for encryption by now?

From a few days ago: https://news.ycombinator.com/item?id=16938593

undefined