servercert
web.dev
servercert | web.dev | |
---|---|---|
10 | 148 | |
165 | 3,547 | |
3.0% | - | |
6.3 | 9.0 | |
1 day ago | 9 months ago | |
CSS | Nunjucks | |
- | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
servercert
- SSL certificate lifetimes are going down. Dates proposed. 45 days by 2027
- CA/Browser Forum SC-081: Introduce Schedule of Reducing Validity Periods
- WebPKI – Introduce Schedule of Reducing Validity (Of TLS Server Certificates)
-
We Spent $20 to Achieve RCE and Accidentally Became the Admins of .MOBI
The current CAB Forum Baseline Requirements call for "Multi-Perspective Issuance Corroboration" [1] i.e. make sure the DNS or HTTP challenge looks the same from several different data centres in different countries.
[1] https://github.com/cabforum/servercert/blob/main/docs/BR.md#...
-
DigiCert Revocation Incident (Cname Domain Validation)
There's no prohibition against issuing certificates for names on the Public Suffix List.
BR 3.2.2.6 prohibits issuing a wildcard certificate for an entire public suffix unless the "Applicant proves its rightful control of the entire Domain Namespace" (without specifying how this should be done - arguably, publishing a DNS record would qualify) but also says that CAs should use the "ICANN DOMAINS" section of the PSL only, not the "PRIVATE DOMAINS" section, so domains for dynamic DNS providers and the like wouldn't be included in any case. [https://github.com/cabforum/servercert/blob/main/docs/BR.md#...]
-
All I Know About Certificates – Certificate Authority
That's because some people came along and produced a parallel standard [1] adding loads more rules, clarifications and constraints to convert X509 into something approximately fit for purpose.
[1] https://github.com/cabforum/servercert
-
Does my site need HTTPS?
This is permitted: https://github.com/cabforum/servercert/blob/main/docs/BR.md#...
But it hasn't really caught on; a lot of registrars don't seem to want the complexity of being (or integrating with) a CA, and vice versa.
-
Let's Encrypt: Issue with TLS-ALPN-01 Validation Method
It is unfortunate. It's required: https://github.com/cabforum/servercert/blob/main/docs/BR.md#...
-
MarkMonitor left 60k domains for the taking
No, they don't have to MitM the CA's domain validation request. While they have brief control over the website, they use domain validation method 3.2.2.4.18 (Agreed-Upon Change to Website v2)[1] or 3.2.2.4.19 (Agreed-Upon Change to Website - ACME)[2] to legitimately complete domain validation by making a change to the website.
[1] https://github.com/cabforum/servercert/blob/cda0f92ee70121fd...
- A safer default for navigation: HTTPS
web.dev
-
Building a realtime chat app with Next.js and Vercel
Before we start creating pages in our application, it's important to understand how Next.js renders content. The framework supports multiple rendering methods including server-side rendering (SSR), static site rendering (SSG), and client-side rendering (CSR). There are many pros and cons to each rendering method (too many to cover in this post) so if these concepts are new to you, Google’s web.dev site has a very good introduction to rendering on the web that can help you understand rendering options.
-
Navigating the Waters of Core Web Vitals in 2024
The lifecycle of an interaction. Source: web.dev
-
How hard has code splitting been in your experience?
Probably not, it's the CSS used so far, so if there are elements you've not interacted with, that's an issue. This web.dev article gives some tools you can use https://web.dev/articles/extract-critical-css
-
Google have removed RSS support from their developer blogs
I noticed the same for Google's site https://web.dev/
The last article pushed to the feed was "Changes to the web.dev infrastructure" few months ago https://web.dev/blog/webdev-migration
The feed still there but with no updates https://web.dev/feed.xml and on the site you can see new articles published.
Is sad that on a infrastructure revamp of a modern site, the RSS feed was left out of the features list (at least for now).
-
How do websites have a prompt on unsupported browsers?
Upon testing on Firefox and Mi Browser, there was no triggering of the BeforeInstallPrompt event, as expected. However, I noticed that web.dev manages to display a prompt on these browsers, even though they theoretically lack support for the BeforeInstallPrompt event.
-
StackOverflow alternatives for web developers
web.dev, maintained by Google, including posts by Chrome developers and their co-workers,
-
Progressive vs. Incremental Rendering/(Re)Hydration
In a old web.dev articleI came across the word "Incremental (Re)Hydration" which is linked to a Glimmer.js-Blog post (also called "Incremental Rendering" there) confuses me. Is Incremental (Re)Hydration the same as Progressive (Re)Hydration? Reading the Glimmer-Blog article it seems so, but in the web.devarticle it seems to be something different.
-
Staying up to date with the industry with newsletters
Web.dev newsletter - though it's not a weekly newsletter and it's only content from web.dev (though really high quality content)
-
Is it possible to get into coding at 21 with no qualifications self taught?
Just open up a text edi web developers are self-taught. a website. That's what I did. Some people like this: https://web.dev
- Ya saben a donde anotarse si la quieren pegar en IT.
What are some alternatives?
cert-gen - Generate CA and self-signed SSL certificates usable in your browser for local development.
vanilla-extract - Zero-runtime Stylesheets-in-TypeScript
acme-dns - Limited DNS server with RESTful HTTP API to handle ACME DNS challenges easily and securely.
bedrock - WordPress boilerplate with Composer, easier configuration, and an improved folder structure
devcert-cli - A CLI wrapper for devcert, to manage development SSL/TLS certificates and domains
lighthouse - Automated auditing, performance metrics, and best practices for the web.
devcert - Local HTTPS development made easy
lite-youtube-embed - A faster youtube embed.
pykka - 🌀 Pykka makes it easier to build concurrent Python applications.
WebFundamentals - Former git repo for WebFundamentals on developers.google.com
duckduckgo-locales - Translation files for <a href="https://duckduckgo.com"> </a>
TheAnnoyingSite.com - The Annoying Site a.k.a. "The Power of the Web Platform"