[Cryptography] letsencrypt.org
Perry E. Metzger
perry at piermont.com
Thu Sep 14 09:26:39 EDT 2017
On Thu, 14 Sep 2017 10:06:45 +0100 Ben Laurie <benl at google.com> wrote:
> On 13 September 2017 at 21:55, Perry E. Metzger
> <perry at piermont.com> wrote:
>
> > On Wed, 13 Sep 2017 14:18:40 -0400 "Bayuk" <jennifer at bayuk.com>
> > wrote:
> > > Has anyone on this list contributed to
> > > https://letsencrypt.org/ - and/or otherwise have personal
> > > experience, caveats, recommendations with respect to the
> > > current service or roadmap?
> >
> > It works. I use it a lot for random sites where I don't care
> > deeply about the security of the system.
> >
> > Note my security caveat isn't about the certificates being somehow
> > less good than other certificates. It is that someone gaining
> > temporary control of a server for your domain is in a good
> > position to also get a cert for your domain signed. Of course,
> > absent a system like Certificate Transparency, or cert pinning,
> > that's the case anyway, so perhaps I'm being paranoid.
> >
>
> You are exposed to that risk regardless of whether you use Let's
> Encrypt or not, so not quite sure what point you're making?
I said in my last sentence that you're exposed to that risk
regardless, so perhaps there is no point to my paranoia.
Did you miss that? See above.
Perry
--
Perry E. Metzger perry at piermont.com
More information about the cryptography
mailing list