[Cryptography] So long to Startcom
Stephen Farrell
stephen.farrell at cs.tcd.ie
Mon Dec 4 16:10:29 EST 2017
Hiya,
On 04/12/17 11:51, Salz, Rich via cryptography wrote:
>
>> These days there's little reason to use anyone other than Let's
>> Encrypt for DV certificates.
>
> Is anyone bothered by that single point of failure? If LE has
> problems or falls far short of its funding needs, many people will be
> scrambling to renew their certificates in a very short period of
> time, and one or more commercial entities is going to reap a
> windfall.

Personally, I'm a little bothered by that SPOF. I'd love
to see a 2nd LE-like entity that didn't charge for DV
certs, and that's operating for some definition of the
public-good, even if it were one that only operated at a
small proportion of the scale of LE.

With 90-day validities (a good idea in general) and with
automation combined with ignorance of the internals of
ACME or PKI in many cases (also good things), I think the
scramble to a paid operator could be damaging if LE had
some significant issues even if those were temporary.

And who knows, a bit of competition might be a good
thing for LE too in the long run.

S.