01:22:47multisn8 quits [Ping timeout: 268 seconds]
01:32:14Webuser768112 quits [Quit: Ooops, wrong browser tab.]
01:43:28Doranwen quits [Remote host closed the connection]
01:43:50Doranwen (Doranwen) joins
01:53:41tzt (tzt) joins
02:44:14grill quits [Ping timeout: 268 seconds]
02:44:24grill (grill) joins
03:00:16wickedplayer494 quits [Ping timeout: 268 seconds]
03:01:36wickedplayer494 (wickedplayer494) joins
03:09:10etnguyen03 quits [Remote host closed the connection]
03:28:44HackMii quits [Remote host closed the connection]
03:31:07HackMii (hacktheplanet) joins
03:54:29Umbire quits [Ping timeout: 268 seconds]
03:57:59nine quits [Quit: See ya!]
03:58:11nine joins
04:39:21<Pendonym>why are all irc clients either paid or look dogshit or both
04:40:51DogsRNice quits [Read error: Connection reset by peer]
04:54:04Umbire joins
05:01:05Umbire quits [Ping timeout: 268 seconds]
05:13:11Guest58 quits [Quit: My Mac has gone to sleep. ZZZzzz…]
05:16:53atphoenix_ (atphoenix) joins
05:19:35atphoenix__ quits [Ping timeout: 268 seconds]
05:33:51<ivan>you can patch thelounge to make it look like whatever you'd like
07:06:16h|ca2 quits [Ping timeout: 268 seconds]
07:14:40h|ca2 (h) joins
07:25:56Umbire joins
07:26:32Umbire quits [Client Quit]
08:35:04traxys quits [Ping timeout: 268 seconds]
08:55:11traxys (traxys) joins
09:00:21APOLLO03 quits [Ping timeout: 268 seconds]
09:01:08flotwig quits [Read error: Connection reset by peer]
09:01:21APOLLO03 joins
09:02:00flotwig joins
09:38:08<@Sanqui>i switched from hexchat to zoitechat, it seems maintained
09:59:24<steering>< kpcyrd> klea: for what it's worth, DANE is a lot more prone to swappero-shenanigans by authorities compared to CAs and all the append-only transparency log inclusion proof stuff they have been made to participate in <-- lmao, what?
10:00:01<steering>sorry, what forces the CT logs to include it in their log at any point much less immediately?
10:00:43<steering>certificates issued by CAs *already* depend on DNS. DANE depends *solely* on DNS.
10:02:00igloo22225 quits [Quit: The Lounge - https://thelounge.chat]
10:02:36igloo22225 (igloo22225) joins
10:10:13<steering>https://educatedguesswork.org/posts/transparency-part-2/
11:00:22Bleo18260072271962345522201107 quits [Quit: The Lounge - https://thelounge.chat]
11:03:12Bleo18260072271962345522201107 joins
11:52:58Guest58 joins
12:09:47<kpcyrd>steering: nothing, but that's the point, CAs can't issue certificates on their own anymore, they need co-signatures
12:09:59<kpcyrd>I mean sure they can try, but serious clients would reject those as garbage
12:10:25<kpcyrd>steering: how do you ensure the dnssec record you receive has ever been observed by anybody but you?
12:10:30<kpcyrd>you can't
12:13:06<kpcyrd>the NIC can just serve a different public key, point the zone to a different nameserver they control, which resolves the A/AAAA records to another server they control, and also give you a TLSA for some certificate they issued
12:13:12<kpcyrd>ez pz, nobody will ever know
12:28:55multisn8 (multisn8) joins
12:31:26Paw-chivist joins
12:54:02Paw-chivist quits [Client Quit]
12:58:20<steering>kpcyrd: indeed, which would then cause CA
12:58:26<steering>'s to issue to the attacker just the same.
12:59:07<steering>DANE is inarguably more secure than CAs. It has far fewer failure points. The fact that it has a failure point (shared in common with CAs) does not change that.
13:08:36<cruller>https://lore.org/ New VCS
13:10:04ATinySpaceMarine quits [Quit: https://quassel-irc.org - Chat comfortably. Anywhere.]
13:16:29Jake3 (Jake) joins
13:17:30<kpcyrd>steering: I'd rather run targetted dnssec attacks I can plausibly deny (unless I target the wrong people) instead of going on permanent public record by writing to transparency logs
13:18:44Jake quits [Ping timeout: 268 seconds]
13:18:45Jake3 is now known as Jake
13:22:31Guest58 quits [Client Quit]
13:26:24<klea>cruller: -> #codearchiver
13:35:11<cruller>klea: I didn't mean for this to be an archival topic, but indeed.
14:09:16Umbire (Umbire) joins
14:13:32DogsRNice joins
15:28:55anarcat quits [Quit: rebooting]
15:33:11anarcat (anarcat) joins
15:58:47Webuser073059 joins
16:28:03unknownsrc quits [Ping timeout: 268 seconds]
16:29:29unknownsrc (unknownsrc) joins
17:02:38ThreeHM quits [Ping timeout: 268 seconds]
17:03:58ThreeHM (ThreeHeadedMonkey) joins
18:09:21arch quits [Remote host closed the connection]
18:09:34arch (arch) joins
18:12:08arch quits [Remote host closed the connection]
18:12:22arch (arch) joins
18:48:31tbc1887837 joins
18:49:53tbc188783 quits [Ping timeout: 268 seconds]
18:56:07Umbire quits [Remote host closed the connection]
18:56:31Umbire joins
19:41:52<@JAA>A cert only needs to have two SCTs to be accepted as valid. I'm not aware of any constraint that a CA that also operates a CT log can't provide one of those signatures. So you only really need to convince one other log to collude.
19:42:19<@JAA>The number of logs is much smaller than the number of CAs, so this is an improvement over the previous situation, but it's still a 'trust me bro' situation.
19:46:37BennyOtt quits [Ping timeout: 268 seconds]
19:54:01rohvani joins
21:01:32Guest58 joins
21:08:38Jake quits [Ping timeout: 268 seconds]
21:13:58Jake3 (Jake) joins
21:17:16Starchives_ quits [Ping timeout: 268 seconds]
21:18:22Starchives (Starchives) joins
21:18:27Starchives quits [Remote host closed the connection]
21:18:59Starchives (Starchives) joins
21:22:49HP_Archivist quits [Ping timeout: 268 seconds]
21:46:18Umbire quits [Ping timeout: 268 seconds]
22:05:59Jake3 quits [Ping timeout: 268 seconds]
22:08:43Jake3 (Jake) joins
22:13:38Jake33 (Jake) joins
22:15:17Jake3 quits [Ping timeout: 268 seconds]
22:15:18Jake33 is now known as Jake3
22:25:39etnguyen03 (etnguyen03) joins
23:23:30HP_Archivist (HP_Archivist) joins
23:40:02etnguyen03 quits [Client Quit]
23:58:10Webuser073059 quits [Quit: Ooops, wrong browser tab.]