-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

It's not a broken or dodgy cert. The difference is the trust model that @tedu is using. He is asking users to put trust in him vs a CA (https://www.tedunangst.com/flak/post/moving-to-https - I know you can't see it without the cert). The important part is this:

> Yesterday, reading this page in plaintext was perfectly fine, but today, add some AES to the mix, and it’s a terrible menace, unfit for even casual viewing.

The difference now is that your browser paints a terrifying UI vs rendering stuff with a cert it doesn't know about. The model he is using is similar to SSH's "Trust on first use" but with a few extra steps to cope with the UI that operates via the "Trust anything from these guys, they are totally OK, right? RIGHT?" model.

Anyway, here is the cert, a sha256 sum and its sha256 fingerprint of it if you feel like importing it into your browser:

```
- -----BEGIN CERTIFICATE-----
MIID2TCCAsGgAwIBAgIJAJIn/VMsBJrpMA0GCSqGSIb3DQEBCwUAMHMxCzAJBgNV
BAYTAlVTMQswCQYDVQQIDAJQQTEXMBUGA1UECgwOdGVkdW5hbmdzdC5jb20xGjAY
BgNVBAMMEWNhLnRlZHVuYW5nc3QuY29tMSIwIAYJKoZIhvcNAQkBFhN0ZWR1QHRl
ZHVuYW5nc3QuY29tMB4XDTE3MDcxMzIzNTMwNloXDTIxMDQwODIzNTMwNlowczEL
MAkGA1UEBhMCVVMxCzAJBgNVBAgMAlBBMRcwFQYDVQQKDA50ZWR1bmFuZ3N0LmNv
bTEaMBgGA1UEAwwRY2EudGVkdW5hbmdzdC5jb20xIjAgBgkqhkiG9w0BCQEWE3Rl
ZHVAdGVkdW5hbmdzdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQC3uH7heRPPoxNFbhmHBbXzMqEClGxtEPaqVi6/owmviK5Yk7AvQ4ro5F740znk
fwno8tj5RPjDUpIBJkpBKBdTg23pHZOHAmioK11g0V6E8GIebKHvQi/iI/NCIRtq
+hfMCrwsfdX5lOE9HJyaiamdXrDUR1PNA4G7EEUamnVQqOT9+Y7Bbh2qaxvJ6bjw
43ytgzbDYUAFrsAiAzydPqX+FSQBTrB+pea2MEzNuevZFmBMdGUfvIHTmnp+PmUD
r/flLsDKaMNZL8HK4KydI0eInrTuoI9kd+Zu3L4ZmQVOTt7XV0ezHsROrqOxwpqd
9a1DCVXvOnuHuN7UwgYZIQ/XAgMBAAGjcDBuMAwGA1UdEwQFMAMBAf8wHgYDVR0e
BBcwFaATMBGCDy50ZWR1bmFuZ3N0LmNvbTAdBgNVHQ4EFgQUkrTp53Wxxq82rhLk
ltMCZGIQRQ0wHwYDVR0jBBgwFoAUkrTp53Wxxq82rhLkltMCZGIQRQ0wDQYJKoZI
hvcNAQELBQADggEBAKIOxuH4fMiiZXgL6ABUIzpmDWNQVYN89svUwezAOGbs8WV1
rTzoGBVoKwsXoiCI49nWdKaVMdOfoKUgmq2TrF3mST7+D/py+4XPPiJwcekOlwJ0
LJT41D1urH2YyGRz9vNFLeFmgwvQLExqWbOhPRG0YOoGR5W41JtVOyTsll6Z0qbQ
jkWBj/g5g8slVISfCKP7pH3CVmEUGbbZd5FiUrR+WDP9XOrPDsneX4/XkbLZ+ZNH
Z+RxNGlJ6txIQcSTmtsQqHTLdKRoAWT7YxmvPB9pfZ8bDsRSNjohF0QkxM0Y9qxf
Xf7xlhGJs7KkNn4LteI5vwjf+9U6Wtbm/Vr5MsU=
- -----END CERTIFICATE-----
```

```
SHA256 (ca-tedunangst-com.crt) = 049673630a4a8d801a6c17ac727e015fbf951686cdd253d986e9e4d1a8375cba
```

```
SHA-256 Fingerprint
AA DD 6D 06 88 7B 36 60 67 56 00 AB D0 76 FB B4 3C 60 10 14 5D AB 4D 39 06 F8 24 08 4B 14 D2 BE
```

I have also signed this message using my pgp stuffs. I guess this means we have a lobste.rs based web of trust using the Comments protocol?

The real question in all of this shouldn't be "why is @tedu using broken / dodgy certs", it should be: `Who do you trust more?`

Raw post / sig:
https://deftly.net/lpost.txt
https://deftly.net/lpost.txt.asc

PGP: 0x1F81112D62A9ADCE / 3586 3350 BFEA C101 DB1A 4AF0 1F81 112D 62A9 ADCE

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEaZZEwtYUjLE9zVX5J5FgqxvhI2sFAllyAGYACgkQJ5Fgqxvh
I2szYRAA4qkD1S0HCF9GCpSNPAaurhApc1v4xa2WqAAF6Bgl2G+4bkD8X3uIF2dk
rOxvUy5b41NnYCm4OUORGpHDeNf5XvfRjAPF9+c7b3QmERg6/jH/xHf/1T7ZyaE8
9F7+tzyIUb41lvWm9aLWjvDZGu5JEa2IhIdFJzMQWKfUKpVLW8UTw6C0uxCagIuy
n3LkC+rHzeZ324SRd5v6OTz22sS/ss5e3RwwwfDowc7DtEYAG56YKdx+x0qTdzBy
YF/ed8BTwyAvfLsdAoGUKqKIkxKKb78njkWE4k4YgpGx8p89b8Q0ayO2NYgEYgqS
Yy9sXfVRTDazCGpt3Fq5CqnbMyaHUfR9gX2YzIvkNZTn8lJNgfcLwuvu5xuENJ0Z
yqGreRW3sqGPJEFPB6oUvkXogZfrVpWHPp0UmSvQ87JjaVSDGcQahoX9PXtHW4GB
G+1ui5mXYbogsIeh/icGrxDeWDU5OiE6KVj8At5Autm7tCsfcVrcjrLVoPVuOiyF
+bA4iAS+EIOfHtKQLtjd4Q0H6tBLOD5oZABkKRT7BwjNnyqrZRD9AEcI/4l1RGA1
qFfJgmNPfH6+c/B6SztRS2kceS865V9CsI8e7VHyN8js7r+i/u24our/4QB2Fhlx
haEST/DVO1r26Lt/+ppcq3743Kn0j07eR7NYg1KoQXNUJ376s80=
=3uuE
-----END PGP SIGNATURE-----
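The comment above gives three different artefacts for the same certificate: the PEM block (dash-escaped because it sits inside a PGP cleartext signature), a SHA-256 over the `.crt` file as a `sha256` tool prints it, and the browser-style SHA-256 fingerprint, which is taken over the decoded DER bytes rather than the PEM text, so the two digests never match each other. The following is an added example, not code from the commenter or from tedunangst.com: it undoes the dash-escaping, derives both digests, and implements the "trust on first use" pin check the comment compares to SSH. The "certificate" it hashes is a constructed PEM wrapper around the bytes `b"hello"` (so the result can be checked against a known digest), and `example.invalid` is a placeholder host name; run it against a real `.crt` by passing the file's text to `pem_to_der`.

```python
import base64
import hashlib
import re

# Constructed sample: a PEM wrapper around the bytes b"hello". It is not a real
# certificate; it only lets the fingerprint be checked against a known digest.
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + base64.encodebytes(b"hello").decode()
    + "-----END CERTIFICATE-----\n"
)

# The same sample as it appears inside a PGP cleartext-signed message, where
# every line starting with "-" is dash-escaped with a leading "- ".
SAMPLE_PEM_DASH_ESCAPED = "\n".join(
    ("- " + line) if line.startswith("-") else line
    for line in SAMPLE_PEM.splitlines()
) + "\n"

_PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S
)


def pem_to_der(pem: str) -> bytes:
    """Undo PGP dash-escaping, then base64-decode the body between the markers."""
    unescaped = "\n".join(
        line[2:] if line.startswith("- ") else line for line in pem.splitlines()
    )
    m = _PEM_RE.search(unescaped)
    if m is None:
        raise ValueError("no CERTIFICATE block found")
    return base64.b64decode("".join(m.group(1).split()))


def file_sha256(data: bytes) -> str:
    """Digest over the raw file bytes, as sha256sum / BSD sha256 report it."""
    return hashlib.sha256(data).hexdigest()


def fingerprint_sha256(der: bytes) -> str:
    """Browser-style SHA-256 fingerprint: digest of the DER as upper-case hex pairs."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return " ".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def check_pin(pins: dict, host: str, fingerprint: str) -> str:
    """Trust-on-first-use check in the spirit of SSH's known_hosts.

    Returns "first-use" (and records the pin), "ok" when the presented
    fingerprint matches the stored one, or "mismatch" when it differs, which
    is the case a client should refuse rather than silently re-pin.
    """
    seen = pins.get(host)
    if seen is None:
        pins[host] = fingerprint
        return "first-use"
    return "ok" if seen == fingerprint else "mismatch"


if __name__ == "__main__":
    der = pem_to_der(SAMPLE_PEM_DASH_ESCAPED)
    print("sha256 of the .crt file:", file_sha256(SAMPLE_PEM.encode()))
    print("fingerprint of the DER: ", fingerprint_sha256(der))
    store = {}  # placeholder pin store; a real client would persist this
    for presented in (der, der, b"some other certificate"):
        print(check_pin(store, "example.invalid", fingerprint_sha256(presented)))
```

The file digest and the fingerprint disagree by construction: the first covers the PEM text (headers, base64, newlines), the second covers the decoded DER, which is what a browser shows in its certificate viewer. When comparing what a browser displays against a value posted out of band, it is the fingerprint line, not the file hash, that has to match.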