[AusNOG] Lets Encrypt
Joshua Small
JSmall at daraco.com.au
Wed Nov 19 10:59:57 EST 2014
Hi,
A note on this:
* The letsencrypt project has a "TODO" which states "Support SANs and requests for certificates with multiple names". This is exactly what usually pushes someone away from the cheap/free certs available and into the current "premium" range. So there is hope yet that this project will put a dent in the major players.
* The fact that revocations and renewals should be signed under this protocol actually makes it stricter/more secure than existing options.
Joshua Small
-----Original Message-----
From: AusNOG [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Matt Palmer
Sent: Wednesday, 19 November 2014 10:49 AM
To: ausnog at lists.ausnog.net
Subject: Re: [AusNOG] Lets Encrypt
On Wed, Nov 19, 2014 at 09:34:04AM +1000, Ernie wrote:
> https://letsencrypt.org/
>
> My question is, will this screw up companies like Verisign/Thawte sales?
Not much, if any. People who want cheap/free certs already, for the most part, know where to get them from. The more "premium" brands make their money via the brand, offering insurance (as much of a crock as it is), higher-validation (OV/EV) certificates, and other signalling effects that are unrelated to the *technical* product being offered.
That being said, Let's Encrypt is a *great* initiative, and I'm 100% behind it. Making certificate issuance easier (to the point of being entirely
automated) via the ACME protocol will massively reduce the barrier to TLS deployment, which can only serve to benefit the confidentiality of traffic on the Internet.
- Matt
_______________________________________________
AusNOG mailing list
AusNOG at lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog
More information about the AusNOG
mailing list