[Cryptography] letsencrypt.org
Ben Laurie
benl at google.com
Thu Sep 14 05:06:45 EDT 2017
On 13 September 2017 at 21:55, Perry E. Metzger <perry at piermont.com> wrote:
> On Wed, 13 Sep 2017 14:18:40 -0400 "Bayuk" <jennifer at bayuk.com> wrote:
> > Has anyone on this list contributed to https://letsencrypt.org/ -
> > and/or otherwise have personal experience, caveats, recommendations
> > with respect to the current service or roadmap?
>
> It works. I use it a lot for random sites where I don't care deeply
> about the security of the system.
>
> Note my security caveat isn't about the certificates being somehow
> less good than other certificates. It is that someone gaining
> temporary control of a server for your domain is in a good position to
> also get a cert for your domain signed. Of course, absent a system
> like Certificate Transparency, or cert pinning, that's the case
> anyway, so perhaps I'm being paranoid.
>
You are exposed to that risk regardless of whether you use Let's Encrypt or
not, so not quite sure what point you're making?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20170914/4bf8608e/attachment.html>
More information about the cryptography
mailing list