HN Theater @HNTheaterMonth

⬐ joshuak

This is actually a great letsencrypt.org intro. Too bad it's not labeled that way here or on youtube.

⬐ nickpsecurity

Yeah, I suggest them changing the title to something that says it's letsencrypt. Had I not glanced here, I'd have totally skipped it thinking it was some scare tactics from security industry or government to push their agendas with.

⬐ baby

1. There are too many CAs

2. so let's create another CA!

The transition here was weird.

Also, there are now a HUGE number of certs signed by let's encrypt. Isn't that a problem? Remember Comodo now too big to get removed?

I guess let's encrypt cannot sign intermediate CA certificates and that's a good thing, and we should have more CA like that and less CA like Comodo. Also if they are free (I still find it mindblowing that you have to pay for certificates) and are quick to implement/respect new rules directed by the cabforum. Then it is an improvement of the current internet PKI.

Now what about better/other solutions to secure internet? I'm still scared of having to trust thousands of CAs that all have the same power.

⬐ kevin_thibedeau

> I still find it mindblowing that you have to pay for certificates

You pay for the CA to verify you are who you claim to be.

⬐ darklajid

For DV certificates: You pay a shitload of money for a single email.

Ignoring the sibling comment (most of these CAs aren't trustworthy as far as I'm concerned): The price is highly inflated and that translates to bile and disgust whenever I think of CAs or the CA model.

⬐ mirimir

But who verifies that the CA is who they claim to be?

Or is doing what they claim to do?

Maybe they've been hacked, or infiltrated, or sold out, or ...

If I'm American, do I trust Chinese CAs? Or vice versa?

⬐ c22

Presumably this is the job of browser vendors.