TZubiri 5 days ago

Certificate by Let's Encrypt, issued to "putty.software" no other info.

Sometimes I feel like we are training users to disregard safety mechanisms for phishing.

Using PuTTY was never the pinnacle of professionalism and open source auditing anyway, it's just a binary you download on Windows before you hear the gospel of Linux and ssh.

viraptor 5 days ago

Why would that be disregarding safety? There's no extra text you can put on the website that would prove anything else (apart from messages signed by a known key, but honestly nobody would check those). Certificates don't provide any identity validation in practice.

TZubiri 5 days ago

Certificates have fields for location, company or name of person.

viraptor 4 days ago

They mean very little. Even the fully reviewed software signing cert I got with ID validation was a total hack job (company didn't know how to read my ID, asked to change some field and they did).

mbrndtgn 4 days ago

So you're suggesting we should bring back extended validation? Currently they don't mean anything.

account42 3 days ago

> Certificate by Let's Encrypt, issued to "putty.software" no other info.

That's how domain-validated certificates that are used on most websites today work.

And yes, it's bonkers that we need to rely on authorities like Let's Encrypt for this instead of just delegating trust via the same hierarchy as DNS.

akoboldfrying 5 days ago

> Using PuTTY was never the pinnacle of professionalism and open source auditing anyway

Huh? The source is available on the original site and TTBOMK always has been, you're welcome to compile it yourself.

TZubiri 5 days ago

No one in the history of humanity has compiled a tool from source in Windows.

mdaniel 5 days ago

Apologies, detecting sarcasm on the Internet is always tricky, but relevant to this discussion I have even gone so far as to make a CMake descriptor for PuTTY because I was compiling on Windows to fix some quirk that I didn't like (it was so many years ago I don't recall, but I did recall thinking "whhhhyyyyy!!!" to people that do cutesy home-grown build systems)

However, it seems that the universe heard my pleas https://git.tartarus.org/?p=simon/putty.git;a=commit;h=c19e7... Replace mkfiles.pl with a CMake build system

For context, I believe that a tool isn't open source unless I can build it, so I actually build almost anything I can from source for that reason.

TZubiri 4 days ago

Congratulations on being the first to build something from source on Windows! (It's more of hyperbole than sarcasm.)

nottorp 5 days ago

I'm sure you could ask Mr Tatham to offer a version with feel-good certificates for the low low price of a couple Silicon Valley lattes per month...