
Maybe, but LetsEncrypt breaking would be fixed much faster than any other CA as it’s the only one where every user is automated.

Contrast that with the legacy model and the emailed zip files of cert chains alone would flood the intertubes.



I like LetsEncrypt and wasn't trying to suggest it was a problem. I think the comparison between LetsEncrypt and DNSSEC is instructive; a LetsEncrypt confidentiality failure would be disastrous, and a DNSSEC confidentiality failure... actually wouldn't matter at all, unless someone out there is doing something really creative and dumb with the protocol.


This might actually be a bad point for letsencrypt. All the eggs are starting to be in the same basket.


If your failures don't count, you're not doing anything important.



