| 01:22:47 | | multisn8 quits [Ping timeout: 268 seconds] |
| 01:32:14 | | Webuser768112 quits [Quit: Ooops, wrong browser tab.] |
| 01:43:28 | | Doranwen quits [Remote host closed the connection] |
| 01:43:50 | | Doranwen (Doranwen) joins |
| 01:53:41 | | tzt (tzt) joins |
| 02:44:14 | | grill quits [Ping timeout: 268 seconds] |
| 02:44:24 | | grill (grill) joins |
| 03:00:16 | | wickedplayer494 quits [Ping timeout: 268 seconds] |
| 03:01:36 | | wickedplayer494 (wickedplayer494) joins |
| 03:09:10 | | etnguyen03 quits [Remote host closed the connection] |
| 03:28:44 | | HackMii quits [Remote host closed the connection] |
| 03:31:07 | | HackMii (hacktheplanet) joins |
| 03:54:29 | | Umbire quits [Ping timeout: 268 seconds] |
| 03:57:59 | | nine quits [Quit: See ya!] |
| 03:58:11 | | nine joins |
| 04:39:21 | <Pendonym> | why are all irc clients either paid or look dogshit or both |
| 04:40:51 | | DogsRNice quits [Read error: Connection reset by peer] |
| 04:54:04 | | Umbire joins |
| 05:01:05 | | Umbire quits [Ping timeout: 268 seconds] |
| 05:13:11 | | Guest58 quits [Quit: My Mac has gone to sleep. ZZZzzz…] |
| 05:16:53 | | atphoenix_ (atphoenix) joins |
| 05:19:35 | | atphoenix__ quits [Ping timeout: 268 seconds] |
| 05:33:51 | <ivan> | you can patch thelounge to make it look like whatever you'd like |
| 07:06:16 | | h|ca2 quits [Ping timeout: 268 seconds] |
| 07:14:40 | | h|ca2 (h) joins |
| 07:25:56 | | Umbire joins |
| 07:26:32 | | Umbire quits [Client Quit] |
| 08:35:04 | | traxys quits [Ping timeout: 268 seconds] |
| 08:55:11 | | traxys (traxys) joins |
| 09:00:21 | | APOLLO03 quits [Ping timeout: 268 seconds] |
| 09:01:08 | | flotwig quits [Read error: Connection reset by peer] |
| 09:01:21 | | APOLLO03 joins |
| 09:02:00 | | flotwig joins |
| 09:38:08 | <@Sanqui> | i switched from hexchat to zoitechat, it seems maintained |
| 09:59:24 | <steering> | < kpcyrd> klea: for what it's worth, DANE is a lot more prone to swappero-shenanigans by authorities compared to CAs and all the append-only transparency log inclusion proof stuff they have been made to participate in <-- lmao, what? |
| 10:00:01 | <steering> | sorry, what forces the CT logs to include it in their log at any point much less immediately? |
| 10:00:43 | <steering> | certificates issued by CAs *already* depend on DNS. DANE depends *solely* on DNS. |
| 10:02:00 | | igloo22225 quits [Quit: The Lounge - https://thelounge.chat] |
| 10:02:36 | | igloo22225 (igloo22225) joins |
| 10:10:13 | <steering> | https://educatedguesswork.org/posts/transparency-part-2/ |
| 11:00:22 | | Bleo18260072271962345522201107 quits [Quit: The Lounge - https://thelounge.chat] |
| 11:03:12 | | Bleo18260072271962345522201107 joins |
| 11:52:58 | | Guest58 joins |
| 12:09:47 | <kpcyrd> | steering: nothing, but that's the point, CAs can't issue certificates on their own anymore, they need co-signatures |
| 12:09:59 | <kpcyrd> | I mean sure they can try, but serious clients would reject those as garbage |
| 12:10:25 | <kpcyrd> | steering: how do you ensure the dnssec record you receive has ever been observed by anybody but you? |
| 12:10:30 | <kpcyrd> | you can't |
| 12:13:06 | <kpcyrd> | the NIC can just serve a different public key, point the zone to a different nameserver they control, which resolves the A/AAAA records to another server they control, and also give you a TLSA for some certificate they issued |
| 12:13:12 | <kpcyrd> | ez pz, nobody will ever know |
| 12:28:55 | | multisn8 (multisn8) joins |
| 12:31:26 | | Paw-chivist joins |
| 12:54:02 | | Paw-chivist quits [Client Quit] |
| 12:58:20 | <steering> | kpcyrd: indeed, which would then cause CA |
| 12:58:26 | <steering> | 's to issue to the attacker just the same. |
| 12:59:07 | <steering> | DANE is inarguably more secure than CAs. It has far fewer failure points. The fact that it has a failure point (shared in common with CAs) does not change that. |
| 13:08:36 | <cruller> | https://lore.org/ New VCS |
| 13:10:04 | | ATinySpaceMarine quits [Quit: https://quassel-irc.org - Chat comfortably. Anywhere.] |
| 13:16:29 | | Jake3 (Jake) joins |
| 13:17:30 | <kpcyrd> | steering: I'd rather run targetted dnssec attacks I can plausibly deny (unless I target the wrong people) instead of going on permanent public record by writing to transparency logs |
| 13:18:44 | | Jake quits [Ping timeout: 268 seconds] |
| 13:18:45 | | Jake3 is now known as Jake |
| 13:22:31 | | Guest58 quits [Client Quit] |
| 13:26:24 | <klea> | cruller: -> #codearchiver |
| 13:35:11 | <cruller> | klea: I didn't mean for this to be an archival topic, but indeed. |
| 14:09:16 | | Umbire (Umbire) joins |
| 14:13:32 | | DogsRNice joins |
| 15:28:55 | | anarcat quits [Quit: rebooting] |
| 15:33:11 | | anarcat (anarcat) joins |
| 15:58:47 | | Webuser073059 joins |
| 16:28:03 | | unknownsrc quits [Ping timeout: 268 seconds] |
| 16:29:29 | | unknownsrc (unknownsrc) joins |
| 17:02:38 | | ThreeHM quits [Ping timeout: 268 seconds] |
| 17:03:58 | | ThreeHM (ThreeHeadedMonkey) joins |
| 18:09:21 | | arch quits [Remote host closed the connection] |
| 18:09:34 | | arch (arch) joins |
| 18:12:08 | | arch quits [Remote host closed the connection] |
| 18:12:22 | | arch (arch) joins |
| 18:48:31 | | tbc1887837 joins |
| 18:49:53 | | tbc188783 quits [Ping timeout: 268 seconds] |
| 18:56:07 | | Umbire quits [Remote host closed the connection] |
| 18:56:31 | | Umbire joins |
| 19:41:52 | <@JAA> | A cert only needs to have two SCTs to be accepted as valid. I'm not aware of any constraint that a CA that also operates a CT log can't provide one of those signatures. So you only really need to convince one other log to collude. |
| 19:42:19 | <@JAA> | The number of logs is much smaller than the number of CAs, so this is an improvement over the previous situation, but it's still a 'trust me bro' situation. |
| 19:46:37 | | BennyOtt quits [Ping timeout: 268 seconds] |
| 19:54:01 | | rohvani joins |
| 21:01:32 | | Guest58 joins |
| 21:08:38 | | Jake quits [Ping timeout: 268 seconds] |
| 21:13:58 | | Jake3 (Jake) joins |
| 21:17:16 | | Starchives_ quits [Ping timeout: 268 seconds] |
| 21:18:22 | | Starchives (Starchives) joins |
| 21:18:27 | | Starchives quits [Remote host closed the connection] |
| 21:18:59 | | Starchives (Starchives) joins |
| 21:22:49 | | HP_Archivist quits [Ping timeout: 268 seconds] |
| 21:46:18 | | Umbire quits [Ping timeout: 268 seconds] |
| 22:05:59 | | Jake3 quits [Ping timeout: 268 seconds] |
| 22:08:43 | | Jake3 (Jake) joins |
| 22:13:38 | | Jake33 (Jake) joins |
| 22:15:17 | | Jake3 quits [Ping timeout: 268 seconds] |
| 22:15:18 | | Jake33 is now known as Jake3 |
| 22:25:39 | | etnguyen03 (etnguyen03) joins |
| 23:23:30 | | HP_Archivist (HP_Archivist) joins |
| 23:40:02 | | etnguyen03 quits [Client Quit] |
| 23:58:10 | | Webuser073059 quits [Quit: Ooops, wrong browser tab.] |