does SSL even protect users now that most of the CAs are also hosting or reverse proxy companies
@ben ??? what kind of question is this
@ben yeah i think so
at least if you get your certs from Let's Encrypt, which ensures that you can only get a cert for a domain that you actually control
idk what policy the other CAs have
@00dani but let's say you get a different dynamic IP address or something and someone else manages to get yours
you own the domain, but have no control over the server that now has an entirely valid TLS certificate
@ben wait why would reallocating your ip address mean someone else gets control of your server?
i'm not following this scenario
@00dani let's say you didn't update the A records on your domain name
Hierarchies of trust have their issues, but at that level of antagonism at such a high level, I'm legitimately not sure what you could do for any system.
Saying SSL isn't secure for that is like saying that your car isn't secure when the police stole your keys.
DNSSEC also has many of the same issues as SSL certificates, but at least it's a bit more distributed with each TLD controlling their own non-shared key
it's currently supported by zero browsers
@ben oh so your domain is pointing at the old ip, which now equals someone else's server
i mean, that's technically correct behaviour? you've controlled the domain to say "hey this is what the domain resolves to" and then a cert can be acquired by the server that the domain resolves to
and it's entirely avoidable by updating your A records like you're supposed to ofc
@ben Still protects data on the wire.