Ideally there's a chain of trust from its ancient CA roots to whatever ones are used decades from now.
-
-
Absolutely
@letsencrypt seems like the way of the future. I'd love to have a port of it to#sortix and use it with my httpd port. -
If you have Python building/running there are already a couple good minimal/auditable acme client implementations you can use.
-
Yeah I got a Python 3 largely working, I was planning on checking out a reasonably sized lets encrypt implementation and port if good.
-
If it's python, no porting is needed. AFAIK there are no "reasonably sized" C implementations. Too much protocol infrastructure mess.
-
Honestly simultaneously dealing with JSON *and* OpenSSL from C sounds so painful it should be in violation of the Geneva Convention
-
Think BearSSL and tiny fixed-schema JSON processing code.
-
yeah no even then. abstractions are good.
-
Depends. Overly-powerful abstractions are not good in a security-critical context. Minimal ones that do the job are better.
- 1 more reply
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.