this post was submitted on 29 Oct 2025
64 points (95.7% liked)

Technology

81286 readers
4485 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
64
Keeping the Internet fast and secure: introducing Merkle Tree Certificates (blog.cloudflare.com)
submitted 3 months ago by floofloof@lemmy.ca to c/technology@lemmy.world
13 comments fedilink hide all child comments
 

cross-posted from: https://lemmy.bestiver.se/post/704939

Comments

top 13 comments
sorted by: hot top controversial new old
[–] BroBot9000@lemmy.world 28 points 3 months ago (2 children)

Better off not using Cloudflare if you give a shit about the internet.

[–] tekato@lemmy.world 2 points 3 months ago (1 children)

Why is Cloudflare bad for the internet?

[–] BroBot9000@lemmy.world 10 points 3 months ago* (last edited 3 months ago) (1 children)

You want a monopoly on all web traffic, that can be controlled by totalitarian governments and used to censor minorities and LGBTQ+ individuals?

Cause putting everything behind Cloudflare is gonna do that. Just look at the Amazon outage the other day or the M$ hosting crash today.

[–] tekato@lemmy.world 1 points 3 months ago

Cloudflare can’t be forced to censor anything because CDNs are not actually needed by the internet, they’re just nice to have. The only place where they could actually do anything is in the registrar business, where any foul play would just result in de-accreditation by ICANN.

AWS, Azure, and Oracle do have too much power over the internet, but that’s a different scenario.

[–] Chronographs@lemmy.zip 16 points 3 months ago

This just seems like Cloudflare testing something that the CAs will eventually be running themselves, as opposed to them trying to supplant the CAs or something.

[–] db2@lemmy.world 13 points 3 months ago

Shove it up your ass, Cloudflare.

[–] cecilkorik@lemmy.ca 9 points 3 months ago (1 children)

Instead of just centralizing everything with Google, let's ALSO centralize all of that through Cloudflare too. If we centralize enough stuff onto enough different monolithic platforms it counts as decentralized, right? /s

[–] frongt@lemmy.zip 15 points 3 months ago (1 children)

the plan we’ve brought together with industry partners to the IETF

Sounds like it's very specifically not proprietary.

[–] fruitycoder@sh.itjust.works 0 points 3 months ago

Centralized services are honestly mostly ran on opensource. The network effects can still be massive bottle neck for freedom for the rest of us though

[–] mlg@lemmy.world 4 points 3 months ago

No offense but CAs still don't support ed25519, a now 20 year old ECDSA standard that everyone uses basically everywhere else, including FIPS.

Although tbf I'm sure the NSA could yolo PKI in an "emergency" situation anyway by compromising a CA, though I don't think that would happen unless its literally WWIII.

[–] solrize@lemmy.ml 2 points 3 months ago

Is this for quantum resistance? The certificates would be pretty large and they don't give a key agreement scheme, just signatures. They are clever but to deploy them on internet scale would take a lot of software changes in everything.