I mean I’m not saying the investment isn’t emotional only.

Because they need to protect their investment bubble. If that bursts before Deepseek is banned, a few people are going to lose a lot of money, and they sure as heck aren’t gonna pay for it themselves.

I’m a trained netsec professional so handling keys and such is not really a hassle for me. What is a hassle IMO is having to manually do more things than hitting the “revoke” button to fully properly revoke a certificate, so that’s where the CRL/OCSP req comes from.

Looks like that part is something you really only get for free with EJBCA, which I’ve tried and found very exhausting to use for my home network. If I had to pick one for work I’d probably go with EJBCA though, seems worth the effort if you’re doing more complex things.

step-ca does not currently support active revocation mechanisms like a Certificate Revocation List (CRL) or Online Certificate Status Protocol (OCSP).

Meh. Doesn’t do what I need it to. :/

Does seem like automatic CRL/OCSP is something you only get for free with EJBCA. Frustrating, that.

Ich kann mich ja irren aber das sieht alles nicht so aus als wäre da wirklich was dran.

Merz sagt diese Sachen auch nicht um Leute wie dich zu erreichen. Wenn du in der Lage bist, das kritisch zu hinterfragen (und nicht begreift wie du davon profitierst), bist du nicht die Zielgruppe.

Warum ist dabei dann automatisch immer der Staatsschutz involviert? Ist das dann nicht eher ein Fall für gewöhnliche Polizei und Staatsanwaltschaft?