Re: [Cryptography] letsencrypt.org
- From: Ben Laurie <ben AT links.org>
- Subject: Re: [Cryptography] letsencrypt.org
- Date: Thu, 14 Sep 2017 19:05:14 +0100
- Cc: Cryptography <cryptography AT metzdowd.com>, Ben Laurie <benl AT google.com>
- List-archive: <http://www.metzdowd.com/pipermail/cryptography/>
- Sender: "cryptography" <cryptography-bounces+ben=bentasker.co.uk AT metzdowd.com>
- To: "Perry E. Metzger" <perry AT piermont.com>
On 14 September 2017 at 14:26, Perry E. Metzger <perry AT piermont.com> wrote:
> On Thu, 14 Sep 2017 10:06:45 +0100 Ben Laurie <benl AT google.com> wrote:
>> On 13 September 2017 at 21:55, Perry E. Metzger
>> <perry AT piermont.com> wrote:
>> > On Wed, 13 Sep 2017 14:18:40 -0400 "Bayuk" <jennifer AT bayuk.com>
>> > wrote:
>> > > Has anyone on this list contributed to
>> > > https://letsencrypt.org/ - and/or otherwise have personal
>> > > experience, caveats, recommendations with respect to the
>> > > current service or roadmap?
>> > It works. I use it a lot for random sites where I don't care
>> > deeply about the security of the system.
>> > Note my security caveat isn't about the certificates being somehow
>> > less good than other certificates. It is that someone gaining
>> > temporary control of a server for your domain is in a good
>> > position to also get a cert for your domain signed. Of course,
>> > absent a system like Certificate Transparency, or cert pinning,
>> > that's the case anyway, so perhaps I'm being paranoid.
>> You are exposed to that risk regardless of whether you use Let's
>> Encrypt or not, so not quite sure what point you're making?
> I said in my last sentence that you're exposed to that risk
> regardless, so perhaps there is no point to my paranoia.
> Did you miss that? See above.
Hmm. I guess I just didn't parse it as you intended. :-)
CT doesn't prevent them getting a cert, btw, it just ensures you know they have.
You are checking CT for your domains, aren't you?
The cryptography mailing list
cryptography AT metzdowd.com
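
Checking CT for a domain, as the reply above asks, comes down to comparing what the logs show against the certificates the domain owner knows they requested. The following is an added example, not part of the original message: it assumes log records shaped like crt.sh's JSON output (fields `issuer_name`, `name_value`, `serial_number`), and the inventory, issuer strings and sample entries are all constructed.

```python
# Constructed records shaped like crt.sh JSON output (field names assumed:
# issuer_name, name_value, serial_number). Not real log data.
LE = "C=US, O=Let's Encrypt, CN=Constructed Issuing CA"
SAMPLE_ENTRIES = [
    {"issuer_name": LE, "name_value": "example.org\nwww.example.org", "serial_number": "03A1"},
    # A precertificate and its final certificate are logged with the same serial.
    {"issuer_name": LE, "name_value": "example.org\nwww.example.org", "serial_number": "03a1"},
    {"issuer_name": LE, "name_value": "mail.example.org", "serial_number": "04b2"},
    {"issuer_name": "C=XX, O=Constructed Other CA", "name_value": "*.example.org", "serial_number": "0f00"},
    {"issuer_name": LE, "name_value": "notexample.org", "serial_number": "0aaa"},
]


def covers(name, domain):
    """True if a certificate name (possibly a wildcard) falls under `domain`."""
    name = name.lower().rstrip(".")
    if name.startswith("*."):
        name = name[2:]
    # Match on a label boundary so notexample.org does not match example.org.
    return name == domain or name.endswith("." + domain)


def unexpected_certs(entries, domain, known_serials, allowed_issuers):
    """Return (serial, names, reasons) for logged certs the owner cannot account for."""
    findings, seen = [], set()
    for entry in entries:
        names = [n for n in entry["name_value"].splitlines() if covers(n, domain)]
        if not names:
            continue
        serial = entry["serial_number"].lower()
        key = (entry["issuer_name"], serial)
        if key in seen:  # precert/final pair: report once
            continue
        seen.add(key)
        reasons = []
        if serial not in known_serials:
            reasons.append("serial not in inventory")
        if not any(issuer in entry["issuer_name"] for issuer in allowed_issuers):
            reasons.append("unexpected issuer")
        if reasons:
            findings.append((serial, names, reasons))
    return findings


if __name__ == "__main__":
    # Inventory: the one certificate the owner actually requested (constructed).
    for finding in unexpected_certs(SAMPLE_ENTRIES, "example.org", {"03a1"}, ["O=Let's Encrypt"]):
        print(finding)
```

The `04b2` entry is the case discussed in the thread: a certificate from the CA the owner already uses, which only an inventory comparison catches because the issuer check alone passes.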