[AusNOG] Lets Encrypt

Mark Andrews marka at isc.org
Wed Nov 19 11:01:30 EST 2014


In message <20141118234925.GS5614 at hezmatt.org>, Matt Palmer writes:
> On Wed, Nov 19, 2014 at 09:34:04AM +1000, Ernie wrote:
> > https://letsencrypt.org/
> > 
> > My question is, will this screw up companies like Verisign/Thawte sales?
> 
> Not much, if any.  People who want cheap/free certs already, for the most
> part, know where to get them from.  The more "premium" brands make their
> money via the brand, offering insurance (as much of a crock as it is),
> higher-validation (OV/EV) certificates, and other signalling effects that
> are unrelated to the *technical* product being offered.
> 
> That being said, Let's Encrypt is a *great* initiative, and I'm 100% behind
> it.  Making certificate issuance easier (to the point of being entirely
> automated) via the ACME protocol will massively reduce the barrier to TLS
> deployment, which can only serve to benefit the confidentiality of traffic
> on the Internet.
> 
> - Matt

Or we could just deploy DANE and not require a CA to issue CERTs.

According to http://www.auda.org.au/industry-information/au-domains/dnssec/
the DS records for AU should have been added to the root zone back on 28th
of October.
 
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org


More information about the AusNOG mailing list