In the early phase of Russia - Ukraine war, Ukraine made a strange request to ICANN. They asked ICANN to remove .ru (Russian ccTLD) from the root DNS servers, revoke SSL certs for .ru and shut down root DNS servers hosted in Russia. Here are the three requests they made: Complete letter is here (and original source is here). This is going to be one of few notable cases where critical internet infrastructure is being weaponised.
Lately, I have been playing with many tools and as one gets into deploying those tools, SSL comes as a pain point. A large number of web-based tools I use are internal and on a private network. VPN (with OSPF running over FRR) takes care of connectivity but still, it’s good to have SSL on these machines. Non-HTTPs websites are getting more & more ugly with browsers and even things like password managers do not fill the passwords anymore on their own for non-HTTPS websites.
Last year a really good project Letsencrypt came up. They key objective of this project is to help in securing web by pushing SSL everywhere. Two key cool features It offer free signed SSL certs! It helps in setting up SSL via an agent seamlessly without having to deal with CSR, getting it signed & updating web server configuration. At this stage Letsencrypt is itself a Certificate Authority and but it’s root certs are yet not in the browser.