Thank you Let’s Encrypt, you changed the world and made it better.
Sorry to everyone else who was listening in on the wire. Come back with a warrant, I guess?!
I remember deploying SSL on NetWare in the late 1990s and being given ... something that the US allowed to be exported as a munition!
I don't recall the exact details but it was basically buggered - short key length. Long enough to challenge an 80386 Beowulf cluster but no match for whatever was humming away in a very well funded machine room.
You could still play with all the other exciting dials and knobs, SANs and so on but in the end it was pretty worthless.
It certainly affected Wile E Coyote.
There are several other certificate provisioning protocols:
* https://en.wikipedia.org/wiki/Simple_Certificate_Enrollment_...
Can someone explain why Let's Encrypt certificates have to have a 90-day expiry? I know there is automation available, but what is the rationale for 90 days?
Thank you for your service
Has anyone considered the possibility that a CA such as Let's Encrypt could be compromised or even run entirely by intelligence operatives? Of course, there are many other CAs that could be compromised and making money off of customers on top of that. But who knows... What could defend against this possibility? Multiple signatures on a certificate?
I’m sorry, who the heck wrote this and why should I trust them? Very poorly written, also.
It’s bizarre. There is a photo at the top, no name, no site title. No about page. Extremely untrustworthy.
It seems like all this infrastructure could be replaced by a DNS TXT record with a public key that browsers could use to check the cert sent from the web server. A web server would load a self-signed cert (or whatever cert they wanted), and put the cert's public key into a DNS record for that hostname. Every visit to a website would need two lookups, one for address and one for key. It puts control back into the hands of the domain owners and eliminates the need for Let's Encrypt.
Let's Encrypt did more for privacy than any other organization. Before Let's Encrypt, we'd usually deploy TLS certificates, but as somewhat of an afterthought, and leaving HTTP accessible. They were a pain to (very manually) rotate once a year, too.
It's hard to overstate just how much LE changed things. They made TLS the default, so much that you didn't have to keep unencrypted HTTP around any more. Kudos.