[Cryptography] New free TLS CA coming

Phillip Hallam-Baker phill at hallambaker.com
Thu Nov 20 09:33:30 EST 2014

On Thu, Nov 20, 2014 at 6:22 AM, Richard Barnes <rbarnes at mozilla.com> wrote:
> I am from Mozilla, and the replies here are exactly right.  From the perspective of the Mozilla root CA program, Let's Encrypt will be treated as any other applicant, should they choose to apply.  No "immediate acceptance", no "less audited" -- same audit requirements and application process as everyone else.

I don't see the issue here. Comodo has been giving away certs for 8
years now. So have other CAs. Mozilla has known about that. It has
never been raised as an issue at roll over.

The issue with CACert wasn't that they were refused, they withdrew
their application after they realized that they were never going to
meet the audit criteria.

The only different thing here is that this time there is a proposal
for an automated enrollment protocol as well and presumably a
commitment to implementing it.

I have been calling for an automated enrollment protocol for quite a
while. This is the one I wrote for PRISM-PROOF email:


I was considering a wide range of scenarios ranging from EV certs to
certs for the coffee pot. Paid, unpaid, strong validation, DV, etc. My
model is subtly different but that was in part because I have worked
with Stephen Farrell, the current Security AD on five different
enrollment protocols over the years and I wanted to avoid the 'what
again?' response.

More information about the cryptography mailing list