[AusNOG] Lets Encrypt

Colin Stubbs colin.stubbs at equatetechnologies.com.au
Wed Nov 19 11:38:41 EST 2014


Alex, you already do give your certs out to anyone who connects to your
SSL/TLS services. That's how SSL/TLS protocols work.

If you meant "gave out certs to anyone", again; there's already a heap of
CAs out there who do give out free certs, they're just not all in the
trusted CA bundles that the systems you use have.

There's also a few in there these days, such as StartCom/StartSSL.

@Ernie, it won't in the short term, and may not at all.

That's for a lot of reasons, but mostly because they haven't described the
limitations that will be applied to free certs.

e.g. will they issue Extended Verification certs for free? Probably not.
e.g. will they issue wildcard certs for free? Probably not.
e.g. will you be able to customise the alternative names list for free?
Probably not.
e.g. will you be able to customise the validity period for free? Probably
not.

Many existing CAs who already offer "free certs" have those limitations,
they only charge for the identity verification process, the cost of which
increases with the complexity required to verify who you are and what you
own.

As the vast majority of people involved in requesting and using
certificates don't know there are alternatives now, they won't know Let's
Encrypt exists after it launches, at least for a year or two. The way your
average IT monkey thinks, particularly within large enterprise, will also
mean they'll continue to go to Verisign/etc for quite some time. Some of the
large corps I deal with still actually just buy their certs from GoDaddy :-(

It'd be nice to see their certificate management agent integrated into network
router/switch/firewalls/etc in some way, although the verification process
would still probably need input in some way.

-Colin


On 19 November 2014 09:42, Alex Samad - Yieldbroker <
Alex.Samad at yieldbroker.com> wrote:

> Would you trust a CA who gave our certs to any one ?
>
> Alex
>
> > -----Original Message-----
> > From: AusNOG [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of
> > Ernie
> > Sent: Wednesday, 19 November 2014 10:34 AM
> > To: ausnog at lists.ausnog.net
> > Subject: [AusNOG] Lets Encrypt
> >
> > I was just reading on Slashdot this morning about a new certificate authority
> > called Let's Encrypt which is a joint effort from EFF, Mozilla, Cisco, and
> > Akamai to encrypt the Internet. It's going to be a non-profit organization that
> > issues free certificates for any website.
> >
> > https://www.eff.org/deeplinks/2014/11/certificate-authority-encrypt-entire-web
> >
> > https://letsencrypt.org/
> >
> > My question is, will this screw up companies like Verisign/Thawte sales?
> >
> >
> >
> > - Ernie.
> >
> >
> >
> >
> > --
> > "I Ping therefore I am."
> > _______________________________________________
> > AusNOG mailing list
> > AusNOG at lists.ausnog.net
> > http://lists.ausnog.net/mailman/listinfo/ausnog