this post was submitted on 03 Oct 2023

Firefox


A place to discuss the news and latest developments on the open-source browser Firefox

[–] TiffyBelle@feddit.uk 88 points 2 years ago (3 children)

All well and good, but sadly this relies on the hosts managing DNS to include specific entries in their DNS configuration for keys to use during the encryption process. Unfortunately the vast majority of hosts probably won't be bothered to do this, similar to DNSSEC.

[–] LastYearsPumpkin@feddit.ch 124 points 2 years ago (2 children)

And HTTPS relies on hosts managing SSL certificates. Web services don't use them until it hits a critical mass, then it becomes weird and broken when you aren't using it.

This just needs some time to settle in.

[–] DarkThoughts@kbin.social 72 points 2 years ago (3 children)

I remember when absolutely no one used HTTPS and then in a matter of a couple years things got really fast. Now you can easily browse with HTTPS required and only occasionally find the odd website that doesn't use it (mostly some internet relic). That was such a great transition when it happened though.

[–] FriendlyBeagleDog@lemmy.blahaj.zone 41 points 2 years ago* (last edited 2 years ago) (1 children)

It felt like it happened practically overnight when Let's Encrypt released.

[–] Chobbes@lemmy.world 33 points 2 years ago (1 children)

Let's Encrypt was a godsend. Getting a TLS certificate before sucked.

[–] kautau@lemmy.world 25 points 2 years ago (1 children)

Yes. Thank these folks:

Mozilla employees Josh Aas and Eric Rescorla, together with Peter Eckersley at the Electronic Frontier Foundation and J. Alex Halderman at the University of Michigan. Internet Security Research Group, the company behind Let's Encrypt, was incorporated in May 2013.

They created the ACME standard, the open source community got on board, and soon enough everyone bought in, a massive step forward for Internet security and the benefit of open source.

[–] jazir5@lemmy.ml 13 points 2 years ago

So Firefox is basically the GOAT when it comes to internet security and privacy? They should team up with the Signal guys.

[–] Rade0nfighter@lemmy.world 27 points 2 years ago (1 children)

Google preferring HTTPS sites was the motivator I saw for client demands.

SEO scores feed into the PPC cost in AdWords, so all of a sudden people were crying out for their sites to “have the padlock icon” because what’s 20 bucks for a cert when you’re spending thousands of dollars a month?

[–] jazir5@lemmy.ml 11 points 2 years ago

And now it's free with stuff like Let's Encrypt.

[–] TiffyBelle@feddit.uk 5 points 2 years ago

You're right, but HTTPS implementation added real, tangible benefits that everyone could understand. I think ECH is a little more abstract for the average user, which is why I compared it to DNSSEC which has notoriously poor buy-in.

Obviously I hope ECH becomes a well-implemented standard. I'm just rather cynical that it'll be the case.

[–] Gestrid@lemmy.ca 8 points 2 years ago (1 children)

Apparently, Cloudflare already supports ECH, and a not-insignificant number of websites use them.

[–] Amends1782@lemmy.ca -3 points 2 years ago (1 children)

Unfortunately, though, it's Cloudflare.

[–] Franzia@lemmy.blahaj.zone 2 points 2 years ago (1 children)

Can you give me more insight as to why you don't like Cloudflare? I'm barely informed about this.

[–] pazukaza@lemmy.ml 1 points 2 years ago

Wouldn't it be better if reverse proxies simply had a "default key" meant to encrypt the SNI after an unencrypted "hello" is received?

Including DNS in this seems weird.