>TLS
>sir redeem the certificate
Will we ever escape this goyslop?
Encryption should be a part of TCP/IP.
It should be transparent to the applications.

>jews don't use encryption
What did OP mean by this?

>>101588345
>Encryption should be a part of TCP/IP
what do you propose, travelling back 50 years ago and telling the US DoD they need to add encryption to the protocol they were developing? there's nothing anyone can do about it at this point

>>101588345
ipsec

>>101588450
>backdoorsec

>>101588345
WHAT IN THE FLYING FUCK are you trying to say? Certs work ok right now, the fuck is your current problem?

>encrypt tcp/ip
>ISP can no longer see and sell your dns traffic
>ISP can no longer see and sell your http traffic
>ISP can no longer see and sell your sni traffic
>cloudflare on most computers still gets dns/sni traffic to see and sell
>google on other computers still gets dns/sni traffic to see and sell
>isp still probably hosting dns/sni server, still gets traffic in plaintext to see and sell
The only thing this would fix is the mitm part of cloudflare, which they won't be fixing.

>>101588814
You can literally just host your own waf and distribute a couple of servers across the regions you do business, no need for cloudflare, it's just a service for morons who don't self-host

>>101588345
>It should be transparent to the applications.
that's exactly what TLS does you bumbling faggot

>>101588345
Man I couldn't agree more. I went through the trouble of setting up certs on my server only for it to fail because it's "self signed". Turns out you can't do it w LAN addresses? Wtf?

>>101589662
No, you have to set the “keys” in your program and then other programs cry when they don’t like something. It should all just be automatic on the level of the network interface.

>>101588345
>pic related
What’s with the portion sizes?

>>101589751
>No, you have to set the “keys” in your program
No you don't anon
You don't need to validate TLS certificates
Web browsers validate TLS certificates so that HTTPS works properly

>>101589772
I redeemed my key and different programs started crying about it not being in the correct location/pathname for them, this should not happen. It should just work by default, http on port 80 but all encrypted by default transparently, no config files for every service.
HTTPS was a mistake.

>>101589813
Are you retarded anon? What's the point of TLS if you don't know you're talking to the right server? There's a reason most apps verify certificates with WebPKI instead of accepting anything

>>101589852
I reject the needfulness of TLS in the first place.
I think it's broken and overengineered.
That your packets get to the IP address (an alphabetic/base64 address) should itself serve as proof that you're talking to the right server. DNS and IPv4/IPv6 was a mistake and possibly a deliberate design flaw to keep us as good goys in the shackles of "Certificate Authorities".

>>101589966
>That your packets get to the IP address
but there's no way to know that they actually did
what if the router decided to route your packets to a different computer

>>101590282
>what if the router decided to route your packets to a different computer
Packets have to be cryptographically signed so the router will -ACK if it tries to mess with the data.

>>101590425
>Packets have to be cryptographically signed
Cute, try a mixnet like I2P then
That doesn't make sense for every application

>>101590899
Encryption makes sense for every application, anonymity doesn't.

>>101588814
Firefox has ech. Also, use quad9

>>101590975
>Encryption makes sense for every application
no it doesn't, but ok anon

>>101591110
>no it doesn't,
Shabbat shalom rebbe

>>101588433
support RINA adoption and ecosystem development by using it in your own networks
https://github.com/rlite/rlite
https://www.researchgate.net/publication/376088386_Reconciling_Efficiency_and_Security_of_the_Internet_of_Things_A_Recursive_InterNetwork_Architecture_RINA_Approach

>>101591047
>use Firefox
>use quad9

>>101588345
>Encryption should be a part of TCP/IP.
The fuck does that mean? You thought nobody would notice your technobabble and actually investigate your lack of technical knowledge and details of what you are suggesting
Now, explain what you mean very carefully and verbosely so that you can clear yourself of the allegation of being a baitposter

>>101591344
it means that auth identities ought to be statically tied to internet destinations as to avoid everyone having to manage multiple sets of identities and the need for separate distributed systems for mapping between them and the only reason this isn't the case is because changing established low level standards is hard
see >>101591209

>>101591516
>only reason this isn't the case is because changing established low level standards is hard
That and it being undesirable for... let's say certain groups.

>>101588345
Then you'd have tcp redeeming the certificate, which is even worse. You're essentially arguing to unlayer the layer model

>>101588814
dns is not even tcp...

>>101590425
Bruh they don't need to mess with the data, you're just not talking to the server you thought you were. Please for the dear god try and understand why tls is the way it is

>>101591568
Didn't IPv6 try implementing encryption and it's already obsolete?

>>101591568
How? Literally how? There is no centralised DNS resolution slop. The yiddish router would have to control the IP address if he wants to make it seem like the packets are coming from that machine.
>>101591576
IPv6 might have been an elaborate design to make something 'better' but deeply flawed so people don't even think of improving anything anymore. It's textbook controlled opposition.

>>101591576
IPsec was supposed to be mandatory at one point, but enterprise firewalls don't like not being able to see port numbers.

>>101591637
How would you verify that the host you are talking to is the host you are expecting?
Are you wanting to build TCPS on IP or would you want to replace IP too? IP is fundamentally insecure. Any middlepoint between you and the target can tell your system that the IP you chose is actually a different server, and they can do it selectively based on what you say your IP is. They solve this problem in TLS by using certificates on domains.
It is signed by a trusted third party telling your system that the server you are talking to owns the proper signed certificate that validates the connection. You could do the same thing to IP in theory, but you'd still be fucking with certificates and certificate authorities, unless you pre share a key over a secure channel; which is the entire thing that TLS is designed to solve. Host verification is the hard problem.

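The host-verification problem described in the post above, as an added example that is not part of the original thread: a toy Diffie-Hellman exchange, simulated in one process, in which an on-path relay substitutes its own public value. Without authentication the client ends up sharing a key with the relay; when the server's value carries a MAC under a key pre-shared out of band (standing in here for a certificate signature), the substitution is detected. The group parameters, function names and key are constructed for illustration and are not secure choices.

```python
import hashlib
import hmac
import secrets

# Toy group, constructed for illustration only (far too small for real use).
P = 2**127 - 1  # a Mersenne prime
G = 3

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(priv, peer_pub):
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def tag(psk, pub):
    """MAC over a public value under a key both ends obtained out of band."""
    return hmac.new(psk, pub.to_bytes(16, "big"), hashlib.sha256).digest()

def handshake(psk, relay_active, authenticate):
    """Simulate one exchange.

    Returns (client_key, server_key, relay_key, accepted); relay_key is the
    key the relay can compute for the client's side of the connection.
    """
    c_priv, c_pub = keypair()
    s_priv, s_pub = keypair()
    r_priv, r_pub = keypair()

    # Server sends its public value together with a MAC over it.
    msg_pub, msg_tag = s_pub, tag(psk, s_pub)
    if relay_active:
        # The relay swaps in its own value. It does not hold the PSK, so it
        # can only forward the original MAC, which no longer matches.
        msg_pub = r_pub
    if authenticate and not hmac.compare_digest(msg_tag, tag(psk, msg_pub)):
        return None, None, None, False  # client aborts: peer not verified

    client_key = session_key(c_priv, msg_pub)
    # The server sees the relay's value in place of the client's when relayed.
    server_key = session_key(s_priv, r_pub if relay_active else c_pub)
    relay_key = session_key(r_priv, c_pub) if relay_active else None
    return client_key, server_key, relay_key, True
```
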
Based.
>>101588345
Why not put the public key in dns? Fuck this certificate bs.