[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Cryptography] letsencrypt.org

On 13 September 2017 at 21:55, Perry E. Metzger <perry AT piermont.com> wrote:
On Wed, 13 Sep 2017 14:18:40 -0400 "Bayuk" <jennifer AT bayuk.com> wrote:
> Has anyone on this list contributed to  https://letsencrypt.org/ -
> and/or otherwise have personal experience, caveats, recommendations
> with respect to the current service or roadmap?

It works. I use it a lot for random sites where I don't care deeply
about the security of the system.

Note my security caveat isn't about the certificates being somehow
less good than other certificates. It is that someone gaining
temporary control of a server for your domain is in a good position to
also get a cert for your domain signed. Of course, absent a system
like Certificate Transparency, or cert pinning, that's the case
anyway, so perhaps I'm being paranoid.

You are exposed to that risk regardless of whether you use Let's Encrypt or not, so not quite sure what point you're making?

The cryptography mailing list
cryptography AT metzdowd.com