[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Cryptography] letsencrypt.org



On Thu, 14 Sep 2017 10:06:45 +0100 Ben Laurie <benl AT google.com> wrote:
> On 13 September 2017 at 21:55, Perry E. Metzger
> <perry AT piermont.com> wrote:
> 
> > On Wed, 13 Sep 2017 14:18:40 -0400 "Bayuk" <jennifer AT bayuk.com>
> > wrote:  
> > > Has anyone on this list contributed to
> > > https://letsencrypt.org/ - and/or otherwise have personal
> > > experience, caveats, recommendations with respect to the
> > > current service or roadmap?  
> >
> > It works. I use it a lot for random sites where I don't care
> > deeply about the security of the system.
> >
> > Note my security caveat isn't about the certificates being somehow
> > less good than other certificates. It is that someone gaining
> > temporary control of a server for your domain is in a good
> > position to also get a cert for your domain signed. Of course,
> > absent a system like Certificate Transparency, or cert pinning,
> > that's the case anyway, so perhaps I'm being paranoid.
> >  
> 
> You are exposed to that risk regardless of whether you use Let's
> Encrypt or not, so not quite sure what point you're making?

I said in my last sentence that you're exposed to that risk
regardless, so perhaps there is no point to my paranoia.
Did you miss that? See above.

Perry
-- 
Perry E. Metzger		perry AT piermont.com
_______________________________________________
The cryptography mailing list
cryptography AT metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography