[Cryptography] Well, that only took ten years

Howard Chu hyc at symas.com
Fri Aug 16 08:52:56 EDT 2019

Stephen Farrell wrote:
> Hiya,
> I concur that EV was muck, but...
> On 14/08/2019 08:13, Peter Gutmann wrote:
>> In any case it'll be interesting to see what the next deckchair-rearrangement
>> in browser PKI will be.  
> Not quite a deckchair re-arrangement, but I'd love to
> see an 2nd independent instance of what LE do, capable
> of handling about 10% of the same volume, and of ramping
> up, just in case.

You can operate a fully automatic CA on OpenLDAP that will scale to
whatever data and traffic volume you care to, no sweat.


I personally use this to generate server certs for my email servers, and
client certs for my laptops / phones / etc.
> Hundreds of CAs was wrong. Approximately one sensible
> CA also seems wrong to me.
>> Whatever it is, I'd like to take this opportunity to
>> predict in advance that it'll have no effect.
> If we did have an LE-alternate that had no effect (at
> the moment) that'd be just fine:-)

  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

More information about the cryptography mailing list