10 comments

[ 3.3 ms ] story [ 35.9 ms ] thread
Doesn't this move seem like it breaches some kind of ethical and moral guidelines?

It's putting the safety of users at risk just because of a litigation.

I find it akin to denying health checks to a patient that could have a highly contagious disease which puts everyone coming in contact at risk.

>“In response to a court order against Sci-Hub, Comodo CA has revoked four certificates for the site”

I think they have more pressing concerns than ethics and morals. I'm not saying I agree btw. I think it's precisely moves like this that will undermine the concept of security certificates entirely, to the point where no one will concern themselves with a site having a legit CA certificate or not. Similar to how cryptocurrency is undermining our precepts of fiat currency. People will start to feel at some point that it matters more that there is a secure channel to the site they're using than the certificate authority who tells you whether that site is legit.

But without a CA, the current SSL system (which I agree sucks) does not actually offer much security: your "secure channel" can be trivially man-in-the-middle'd.
I thought we were all using TLS..
How do you know there is a secure channel to the site? If the certificate doesn’t have to be CA signed, I can produce a certificate for google.com.
That's the point I was making, we won't know, we'll have to come up with a way of dealing without a central authority because the people who want to be our current central authorities are starting to show signs of being compromised.

Also yes you could produce a certificate for google.com by trying to MITM between me and my ISP, but if you managed to do that, I think I'd have bigger problems to worry about than getting to the real google.com.

The ultimate strike is still in the making - if you work on university on a paper and cite another paper- and that university has not subscription to the original publication- then its only some crooked steps towards implicating unreachable sources as pirated.
Plenty of people cite papers they haven’t read, or are not available digitally. They often cite it because some other paper does, or they only read the abstract.
Most universities have interlibrary loan departments to obtain items outside of the university's holdings. This route would be slower, but it is legal and I suspect a publisher would have a hard time proving in court that someone downloaded an article on Sci-Hub rather than used their interlibrary loan service. Maybe they could get the interlibrary loan request records and check that, but I do not suspect libraries would hand those records out without good reason. And I think that is far more effort than your average publisher would be willing to put in.

Plus, as the other commenter said, citing a paper unfortunately does not mean that someone has a copy of it.

DANE in DNSSEC would solve that. Unfortunately no major browser supports it.