[Cryptography] Why Alexander Hanff won't be using "Let's Encrypt"

Dave Howe DaveHowe at gmx.co.uk
Wed Dec 3 13:43:42 EST 2014

On 03/12/2014 15:09, Henry Baker wrote:
> 'Let's not mix our words here, it will become a target - that much is
> completely indisputable, it would be utterly naive to believe the US
> Government will not target this new CA with court orders.  What's
> more, given the historical evidence, there is a strong chance that
> such orders will be for "super master keys" allowing them to pretend
> to be whomever they like and it will be done under the guise of
> National Security because of course a CA which provides free
> certificates for everyone is (in the eyes of law enforcement) a
> hotbed for criminals and terrorists - why on earth would a terrorist
> pay Verisign for an SSL certificate, leaving a paper trail, if they
> can obtain an anonymous certificate for free from Let's Encrypt?'

Why would it matter? It's not as if the TLAs can't already spoof
commercial certificates; access to a specific CA signing key isn't going
to make that any harder or easier, as the session is still encrypted
with the server's own key (not the CA key) - so without an active MitM
attack there is no more or less danger depending on who signed the CSR.

More information about the cryptography mailing list