home.social

#webtrust — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #webtrust, aggregated by home.social.

  1. #LetsEncrypt has suspended issuing certificates after it identified security issues in one of its roots (!)[^1]

    We temporarily disabled certificate issuance, deployed a configuration change to prevent future issuance from the cross-signed Gen Y hierarchy, and then re-enabled issuance. Certificate revocation and CRL generation remains functional for Gen Y certificates.

    A few days ago #DigiCert was hacked with a Windows (!) screensaver (!)[^2]

    I cannot but remind that both organisations are part of the #WebTrust cartel who had last year unrolled a massive “grassroots” smear campaign against EU #QWAC certificates, presenting them as “security and privacy threat”, whereas from both legal and technical point of view QWAC is much more secure:

    https://krvtz.net/en/posts/the-real-story-behind-eu-qwac.html

    [^1]: https://community.letsencrypt.org/t/2026-05-08-gen-y-cross-certified-subordinate-cas-missing-serverauth-eku/247105

    [^2]: https://cybersecuritynews.com/digicert-hacked-screensaver/

  2. #LetsEncrypt has suspended issuing certificates after it identified security issues in one of its roots (!)[^1]

    We temporarily disabled certificate issuance, deployed a configuration change to prevent future issuance from the cross-signed Gen Y hierarchy, and then re-enabled issuance. Certificate revocation and CRL generation remains functional for Gen Y certificates.

    A few days ago #DigiCert was hacked with a Windows (!) screensaver (!)[^2]

    I cannot but remind that both organisations are part of the #WebTrust cartel who had last year unrolled a massive “grassroots” smear campaign against EU #QWAC certificates, presenting them as “security and privacy threat”, whereas from both legal and technical point of view QWAC is much more secure:

    https://krvtz.net/en/posts/the-real-story-behind-eu-qwac.html

    [^1]: https://community.letsencrypt.org/t/2026-05-08-gen-y-cross-certified-subordinate-cas-missing-serverauth-eku/247105

    [^2]: https://cybersecuritynews.com/digicert-hacked-screensaver/

  3. #LetsEncrypt has suspended issuing certificates after it identified security issues in one of its roots (!)[^1]

    We temporarily disabled certificate issuance, deployed a configuration change to prevent future issuance from the cross-signed Gen Y hierarchy, and then re-enabled issuance. Certificate revocation and CRL generation remains functional for Gen Y certificates.

    A few days ago #DigiCert was hacked with a Windows (!) screensaver (!)[^2]

    I cannot but remind that both organisations are part of the #WebTrust cartel who had last year unrolled a massive “grassroots” smear campaign against EU #QWAC certificates, presenting them as “security and privacy threat”, whereas from both legal and technical point of view QWAC is much more secure:

    https://krvtz.net/en/posts/the-real-story-behind-eu-qwac.html

    [^1]: https://community.letsencrypt.org/t/2026-05-08-gen-y-cross-certified-subordinate-cas-missing-serverauth-eku/247105

    [^2]: https://cybersecuritynews.com/digicert-hacked-screensaver/

  4. #LetsEncrypt has suspended issuing certificates after it identified security issues in one of its roots (!)[^1]

    We temporarily disabled certificate issuance, deployed a configuration change to prevent future issuance from the cross-signed Gen Y hierarchy, and then re-enabled issuance. Certificate revocation and CRL generation remains functional for Gen Y certificates.

    A few days ago #DigiCert was hacked with a Windows (!) screensaver (!)[^2]

    I cannot but remind that both organisations are part of the #WebTrust cartel who had last year unrolled a massive “grassroots” smear campaign against EU #QWAC certificates, presenting them as “security and privacy threat”, whereas from both legal and technical point of view QWAC is much more secure:

    https://krvtz.net/en/posts/the-real-story-behind-eu-qwac.html

    [^1]: https://community.letsencrypt.org/t/2026-05-08-gen-y-cross-certified-subordinate-cas-missing-serverauth-eku/247105

    [^2]: https://cybersecuritynews.com/digicert-hacked-screensaver/

  5. #LetsEncrypt has suspended issuing certificates after it identified security issues in one of its roots (!)[^1]

    We temporarily disabled certificate issuance, deployed a configuration change to prevent future issuance from the cross-signed Gen Y hierarchy, and then re-enabled issuance. Certificate revocation and CRL generation remains functional for Gen Y certificates.

    A few days ago #DigiCert was hacked with a Windows (!) screensaver (!)[^2]

    I cannot but remind that both organisations are part of the #WebTrust cartel who had last year unrolled a massive “grassroots” smear campaign against EU #QWAC certificates, presenting them as “security and privacy threat”, whereas from both legal and technical point of view QWAC is much more secure:

    https://krvtz.net/en/posts/the-real-story-behind-eu-qwac.html

    [^1]: https://community.letsencrypt.org/t/2026-05-08-gen-y-cross-certified-subordinate-cas-missing-serverauth-eku/247105

    [^2]: https://cybersecuritynews.com/digicert-hacked-screensaver/

  6. 👮🏼‍♀️When you bake a gatekeeper right into your browser…but instead of placing that power in a transparent, representative organization (🌍 UN, W3C, etc.),
    you think: “Let’s just leave that to Google Search.” 🙃

    👉 Result: open-source projects like Immich get flagged as “dangerous.”

    #DigitalSovereignty #OpenSource #Google #WebTrust #DecentralizeTheWeb

    immich.app/blog/google-flags-i

  7. 👮🏼‍♀️When you bake a gatekeeper right into your browser…but instead of placing that power in a transparent, representative organization (🌍 UN, W3C, etc.),
    you think: “Let’s just leave that to Google Search.” 🙃

    👉 Result: open-source projects like Immich get flagged as “dangerous.”

    #DigitalSovereignty #OpenSource #Google #WebTrust #DecentralizeTheWeb

    immich.app/blog/google-flags-i

  8. 👮🏼‍♀️When you bake a gatekeeper right into your browser…but instead of placing that power in a transparent, representative organization (🌍 UN, W3C, etc.),
    you think: “Let’s just leave that to Google Search.” 🙃

    👉 Result: open-source projects like Immich get flagged as “dangerous.”

    #DigitalSovereignty #OpenSource #Google #WebTrust #DecentralizeTheWeb

    immich.app/blog/google-flags-i

  9. 👮🏼‍♀️When you bake a gatekeeper right into your browser…but instead of placing that power in a transparent, representative organization (🌍 UN, W3C, etc.),
    you think: “Let’s just leave that to Google Search.” 🙃

    👉 Result: open-source projects like Immich get flagged as “dangerous.”

    #DigitalSovereignty #OpenSource #Google #WebTrust #DecentralizeTheWeb

    immich.app/blog/google-flags-i

  10. 👮🏼‍♀️When you bake a gatekeeper right into your browser…but instead of placing that power in a transparent, representative organization (🌍 UN, W3C, etc.),
    you think: “Let’s just leave that to Google Search.” 🙃

    👉 Result: open-source projects like Immich get flagged as “dangerous.”

    #DigitalSovereignty #OpenSource #Google #WebTrust #DecentralizeTheWeb

    immich.app/blog/google-flags-i

  11. @danimo

    This is a complete misrepresentation of both #eIDAS and the #WebTrust that Mozilla tries to defend with its manipulative campaign. I explained it in details here:

    https://agora.echelon.pl/notice/AbOiM4RCpo4HpQzYzQ

    Specifically, “disallowing CT” is a completely invented accusation, just as “forcing browsers to include government root CA”, “enables surveillance” and “making it illegal to fix”. There’s literally zero evidence in the regulation supporting these accusations. And when Helme writes “it’s just EV”, it just demonstrates he has literally zero clue about what EU QCA infrastructure is.

  12. @danimo

    This is a complete misrepresentation of both #eIDAS and the #WebTrust that Mozilla tries to defend with its manipulative campaign. I explained it in details here:

    https://agora.echelon.pl/notice/AbOiM4RCpo4HpQzYzQ

    Specifically, “disallowing CT” is a completely invented accusation, just as “forcing browsers to include government root CA”, “enables surveillance” and “making it illegal to fix”. There’s literally zero evidence in the regulation supporting these accusations. And when Helme writes “it’s just EV”, it just demonstrates he has literally zero clue about what EU QCA infrastructure is.

  13. @danimo

    This is a complete misrepresentation of both #eIDAS and the #WebTrust that Mozilla tries to defend with its manipulative campaign. I explained it in details here:

    https://agora.echelon.pl/notice/AbOiM4RCpo4HpQzYzQ

    Specifically, “disallowing CT” is a completely invented accusation, just as “forcing browsers to include government root CA”, “enables surveillance” and “making it illegal to fix”. There’s literally zero evidence in the regulation supporting these accusations. And when Helme writes “it’s just EV”, it just demonstrates he has literally zero clue about what EU QCA infrastructure is.

  14. @danimo

    This is a complete misrepresentation of both #eIDAS and the #WebTrust that Mozilla tries to defend with its manipulative campaign. I explained it in details here:

    https://agora.echelon.pl/notice/AbOiM4RCpo4HpQzYzQ

    Specifically, “disallowing CT” is a completely invented accusation, just as “forcing browsers to include government root CA”, “enables surveillance” and “making it illegal to fix”. There’s literally zero evidence in the regulation supporting these accusations. And when Helme writes “it’s just EV”, it just demonstrates he has literally zero clue about what EU QCA infrastructure is.