[kwlug-disc] Let's Encrypt out of beta

Paul Nijjar paul_nijjar at yahoo.ca
Fri Apr 15 21:02:51 EDT 2016


On Fri, Apr 15, 2016 at 03:59:46PM -0400, Hubert Chathi wrote:
> 
> > In principle the code is open and available. If there were a bunch of
> > organizations running their own Boulder server CAs then I would be
> > less worried. Maybe this is happening, but I do not know what those
> > other services are. That would be a model that is more robust, in any
> > case.
> 
> The problem here is that the code is a secondary issue.  The important
> part is that their signing key is trusted by the browsers, and for
> obvious reasons, they can't open source their signing key.

Agreed. But if Let's Encrypt could do this then can't other parties do
so as well? 

> 
> But the real solution to basic web encryption isn't Let's Encrypt, it's
> DNSSEC + DANE.

I happened to run into this today, which is a differing opinion: 

http://sockpuppet.org/blog/2015/01/15/against-dnssec/

(Weirdly, the context was not the Matasano Crypto Challenge
either. This is weird because these are the challenges that Eric
Gerlach is hosting on Tuesday and that Bob advertised on the KWCrypto
list:
https://www.meetup.com/Waterloo-Information-Security-Exchange/events/230350396/
. You (collectively) should come! If I am healthy enough to
participate, then nobody else will have to worry about being the worst
programmer there.) 

- Paul 

-- 
http://pnijjar.freeshell.org




