[kwlug-disc] Let's Encrypt out of beta

Thu Apr 14 04:21:28 EDT 2016

----- Original Message -----

> From: Paul Nijjar via kwlug-disc <kwlug-disc at kwlug.org>
> To: KWLUG discussion <kwlug-disc at kwlug.org>
> Cc: Paul Nijjar <paul_nijjar at yahoo.ca>
> Sent: Wednesday, April 13, 2016 3:33 PM
> Subject: Re: [kwlug-disc] Let's Encrypt out of beta
> 
> On Wed, Apr 13, 2016 at 05:40:01PM +0000, CrankyOldBugger wrote:
>>  Here's an update on the Let's Encrypt project from LF:
>> 
>> 
> http://www.eweek.com/security/lets-encrypt-internet-security-initiative-exits-beta.html
> 
> 
> Huh. This tells me that the project is dangerous, because it depends on
> continued corporate sponsorship for its existence. Once our "friends"
> at the big companies drop their sponsorships, it will fall apart.

What is the basis and justification for spreading such fears?

Given the list of participants, it doesn't feel like any one of them leaving will significantly jeopardize the service. Many leaving may perhaps hiccup processing, but prudence would dictate that they would preserve the backend core (validating an in use web site's cert) to the last resort. Do you have any reason to believe a mass of participants would suddenly depart, bringing those backend servers down for lack of funding?

What is the worst case scenario of such sudden disappearance? That your website for which you acquired a cert would stop having its cert accepted, and your users would get grief upon accessing your site. Since such a disappearance would likely be telegraphed non-trivially in advance, you'd have time to change your cert to cacert or some other equivalent.

By your argument, inherently, all projects are dangerous. Everything depends upon sponsorship of one form or another. Do you have any reason to believe this project is any more dangerous than its (free) competitors, or more dangerous than the average project out there?