[Cryptography] letsencrypt.org

John Levine johnl at iecc.com
Wed Sep 13 21:50:59 EDT 2017


In article <7A0B3B61-DDBF-4B96-ABE5-0CA761806905 at dukhovni.org> you write:
>Given their reasonably clear and transparent practices, I'd
>be pleased if they became the *only* non-EV CA on the market.
>The price is right, and the security is about as good as it
>gets with DV.  The commercial CAs can then focus on properly
>verifying the minority of customers who need EV certs.

This is the crux of the matter.  Everything that is wrong with LE is
also wrong with the other DV providers, and LE is cheaper and appears
quite competent.

I stuff the LE verification records into my DNS toaster, so I have
certs not just for web sites but also for my SMTP clients and POP and
IMAP servers, all renewed automatically as needed.  I use the acme.sh
shell script, and a tiny DNS update script I wrote.  Works great.

R's,
John

PS: It occurs to me that LE makes the case for DANE a lot weaker.


