[HN Gopher] Avoiding Internet Centralization ___________________________________________________________________ Avoiding Internet Centralization Author : johndbeatty Score : 7 points Date : 2021-12-09 17:10 UTC (5 hours ago) (HTM) web link (mnot.github.io) (TXT) w3m dump (mnot.github.io) | superkuh wrote: | > 5.2. Encrypt, Always: When deployed at scale, encryption can be | an effective technique to reduce many inherited centralization | risks. ... | | The problem here is the word "Always". Encryption is good for | just the reasons they say. But _only_ encryption, _always_ | encryption, not having an option for plain text is highly | centralizing in itself. This is because the current status quo | for encryption is to use TLS based on certificate authorities. | And CAs are always highly centralized and highly centralizing. | | If Lets Encrypt ever goes corrupt like dot Org did it would cause | an incredible amount of trouble and that entity would have power | over a large portion of the web, if not the entire internet. | There's an easy solution to this though. Don't throw alway plain | protocls. Plain and TLS wrapped are synergistic. Use both. | There's no need for, and it is damaging, to always encrypt | without an option for plain text. | | A hypothetical downgrade attack is not an excuse for using _only_ | highly centralized TLS CA based protocols in this context. ___________________________________________________________________ (page generated 2021-12-09 23:00 UTC)