[Cryptography] So long to Startcom

Stephen Farrell stephen.farrell at cs.tcd.ie
Mon Dec 4 16:10:29 EST 2017


Hiya,

On 04/12/17 11:51, Salz, Rich via cryptography wrote:
> 
>> These days there's little reason to use anyone other than Let's
>> Encrypt for DV certificates.
> 
> Is anyone bothered by that single point of failure?  If LE has
> problems or falls far short of its funding needs, many people will be
> scrambling to renew their certificates in a very short period of
> time, and one or more commercial entities is going to reap a
> windfall.

Personally, I'm a little bothered by that SPOF. I'd love
to see a 2nd LE-like entity that didn't charge for DV
certs, and that's operating for some definition of the
public-good, even if it were one that only operated at a
small proportion of the scale of LE.

With 90-day validities (a good idea in general) and with
automation combined with ignorance of the internals of
ACME or PKI in many cases (also good things), I think the
scramble to a paid operator could be damaging if LE had
some significant issues even if those were temporary.

And who knows, a bit of competition might be a good
thing for LE too in the long run.

S.


