alt Hacker NewsNew baseline expectation that web traffic will be encrypted on the wire: very good!
New de-facto requirement that you need to receive the blessing of a CA to make use of basic web platform features... not so good.
Replies
jovial_cavalier • yesterday at 7:50 PM
That's not new, LetsEncrypt just didn't solve it. And if you think this is the only single point of failure in the stack, I have news for you.
➕ show 1 reply
unethical_ban • yesterday at 8:37 PM
Kinda hear you, but DNS is a defacto requirement as well. Neither DNS (common TLDs) nor any of the major cert vendors I'm aware of ask you your site's business before issuing.
➕ show 1 reply
Can you elaborate a bit about what you mean by "the blessing of a CA"?
I agree that it's true that you need a certificate to do TLS, but importantly Let's Encrypt isn't interested in what you do with your certificate, just that you actually control the domain name. See: https://letsencrypt.org/2015/10/29/phishing-and-malware.html