[Cryptography] Why Alexander Hanff won't be using "Let's Encrypt"

Henry Baker hbaker1 at pipeline.com
Wed Dec 3 10:09:22 EST 2014

FYI --


Why I won't be using "Let's Encrypt" and recommend others not to also.

Alexander Hanff, Chief Privacy Officer at Connect In Private

November 20, 2014

'... it should be as clear as day to any group remotely knowledgeable about online security (such as EFF, CDT and Mozilla, who are behind the Let's Encrypt project) that creating a new Super Certificate Authority is the equivalent of painting a huge red target onto the backs of all the people who use it.'

'Let's not mix our words here, it will become a target - that much is completely indisputable, it would be utterly naive to believe the US Government will not target this new CA with court orders.  What's more, given the historical evidence, there is a strong chance that such orders will be for "super master keys" allowing them to pretend to be whomever they like and it will be done under the guise of National Security because of course a CA which provides free certificates for everyone is (in the eyes of law enforcement) a hotbed for criminals and terrorists - why on earth would a terrorist pay Verisign for an SSL certificate, leaving a paper trail, if they can obtain an anonymous certificate for free from Let's Encrypt?'

'It is an insane strategy by all parties involved - it removes all confidence in TLS certificates as far as I am concerned and I will absolutely not be using the service and have to strongly recommend others refrain from doing so as well.'
