penumbradevs
devs.penumbra.zone
ramblings of @penumbra.zone developers // "what if ring signatures, for posts?"
good idea
April 14, 2023 at 5:21 PM
guide.penumbra.zone
April 13, 2023 at 1:58 AM
:)
April 13, 2023 at 1:57 AM
that seems like a bigger blocker, the "magic" is much better with alpn verification, which can be handled inside the tls handshake, so you don't have to deal with anything else other than the configuration you already had to have to be able to serve requests
April 13, 2023 at 12:49 AM
this crate doesn't support TLS-ALPN-01 verification, though, only DNS-01 and HTTP-01 (i don't know if ZeroSSL even does TLS-ALPN-01), so we'd need to serve HTTP-01 verification to support this.
April 13, 2023 at 12:46 AM
interesting, seems good to have a backup option. curious to find out when someone will first report running into problems with rate limits
April 13, 2023 at 12:44 AM
$ curl -s 'https://api.zerossl.com/acme/eab-credentials-email' --data "email=test@example.com"

note that the email doesn't have to be associated with a ZeroSSL account, or even real. then you use the acme2-eab crate with that credential to get the cert.
April 13, 2023 at 12:39 AM
we could do like Caddy and use the "unlimited" ACME endpoint provided by ZeroSSL as a fallback to LetsEncrypt (or a default, even). requires using an underdocumented API to acquire an EAB credential from ZeroSSL without a ZeroSSL account API key, but Caddy uses it, so it's likely dependable...
April 13, 2023 at 12:36 AM
ring signatures: maximize variance
threshold signatures: minimize variance
April 12, 2023 at 11:51 PM