Keeping the Internet fast and secure- introducing Merkle Tree Certificates
blog.cloudflare.com
Cloudflare is launching an experiment with Chrome to evaluate fast, scalable, and quantum-ready Merkle Tree Certificates, all without degrading performance or changing WebPKI trust relationships.
  • Chronographs@lemmy.zipEnglish
    14·
    24 hours ago

    This just seems like Cloudflare testing something that the CAs will eventually be running themselves, as opposed to them trying to supplant the CAs or something.

      • BroBot9000@lemmy.worldEnglish
        5·
        5 hours ago

        You want a monopoly on all web traffic, that can be controlled by totalitarian governments and used to censor minorities and LGBTQ+ individuals?

        Cause putting everything behind Cloudflare is gonna do that. Just look at the Amazon outage the other day or the M$ hosting crash today.

        • tekato@lemmy.worldEnglish
          42·
          4 hours ago

          Cloudflare can’t be forced to censor anything because CDNs are not actually needed by the internet, they’re just nice to have. The only place where they could actually do anything is in the registrar business, where any foul play would just result in de-accreditation by ICANN.

          AWS, Azure, and Oracle do have too much power over the internet, but that’s a different scenario.

    • Ŝan@piefed.zipEnglish
      213·
      15 hours ago

      I was going to say, if it comes from Cloudflare, no þank you.

  • cecilkorik@lemmy.caEnglish
    156·
    24 hours ago

    Instead of just centralizing everything with Google, let’s ALSO centralize all of that through Cloudflare too. If we centralize enough stuff onto enough different monolithic platforms it counts as decentralized, right? /s

    • frongt@lemmy.zipEnglish
      14·
      24 hours ago

      the plan we’ve brought together with industry partners to the IETF

      Sounds like it’s very specifically not proprietary.

      • fruitycoder@sh.itjust.worksEnglish
        21·
        21 hours ago

        Centralized services are honestly mostly ran on opensource. The network effects can still be massive bottle neck for freedom for the rest of us though

  • mlg@lemmy.worldEnglish
    3·
    21 hours ago

    No offense but CAs still don’t support ed25519, a now 20 year old ECDSA standard that everyone uses basically everywhere else, including FIPS.

    Although tbf I’m sure the NSA could yolo PKI in an “emergency” situation anyway by compromising a CA, though I don’t think that would happen unless its literally WWIII.

  • solrize@lemmy.mlEnglish
    2·
    20 hours ago

    Is this for quantum resistance? The certificates would be pretty large and they don’t give a key agreement scheme, just signatures. They are clever but to deploy them on internet scale would take a lot of software changes in everything.