<div dir="ltr"><div><div><br></div>Alex, you already do give your certs out to anyone who connects to your SSL/TLS services. That's how SSL/TLS protocols work.<br><br></div><div>If you meant "gave out certs to anyone", again; there's already a heap of CA's out there who do give out free certs, they're just not all in the trusted CA bundles that the systems you use have.<br></div><div class="gmail_extra"><br>There's also a few in there these days, such as StartCom/StartSSL.<br><br></div><div class="gmail_extra">@Ernie, it won't in the short term, and may not at all.<br><br>That's for a lot of reasons, but mostly because they havn't described the limitations that will be applied to free certs.<br><br>e.g. will they issue Extended Verification certs for free? Probably not.<br>e.g. will they issue wildcard certs for free? Probably not.<br>e.g. will you be able to customise the alternative names list for free? Probably not.<br>e.g. will you be able to customise the validity period for free? Probably not.</div><div class="gmail_extra"><br></div><div class="gmail_extra">Many existing CA's who already offer "free certs" have those limitations, they only charge for the identity verification process, the cost of which increases with the complexity required to verify who you are and what you own.<br></div><div class="gmail_extra"><br>As the vast majority of people involved in requesting and using certificates don't know there are alternatives now, they won't know Let's Encrypt exists after it launches, at least for a year or two. The way your average IT monkey thinks, particularly within large enterprise, will also mean they'll continue to go to Verisign/etc for quite some. Some of the large corps I deal with still actually just buy their certs from GoDaddy :-(<br><br></div><div class="gmail_extra">It'd be nice see their certificate management agent integrated into network router/switch/firewalls/etc in some way, although the verification process would still probably need input in some way.<br></div><div class="gmail_extra"><br><div class="gmail_extra">-Colin<br></div><br><br><div class="gmail_quote">On 19 November 2014 09:42, Alex Samad - Yieldbroker <span dir="ltr"><<a href="mailto:Alex.Samad@yieldbroker.com" target="_blank">Alex.Samad@yieldbroker.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Would you trust a CA who gave our certs to any one ?<br>
<span class=""><font color="#888888"><br>
Alex<br>
</font></span><div class=""><div class="h5"><br>
> -----Original Message-----<br>
> From: AusNOG [mailto:<a href="mailto:ausnog-bounces@lists.ausnog.net">ausnog-bounces@lists.ausnog.net</a>] On Behalf Of<br>
> Ernie<br>
> Sent: Wednesday, 19 November 2014 10:34 AM<br>
> To: <a href="mailto:ausnog@lists.ausnog.net">ausnog@lists.ausnog.net</a><br>
> Subject: [AusNOG] Lets Encrypt<br>
><br>
> I was just reading on Slashdot this morning about a new certificate authority<br>
> caleed Let's Encrypt which is a joint effort from EFF, Mozilla, Cisco, and<br>
> Akamai to encrypt the Internet. It's going to be a non-profit organization that<br>
> issues free certificates for any website.<br>
><br>
> <a href="https://www.eff.org/deeplinks/2014/11/certificate-authority-encrypt-" target="_blank">https://www.eff.org/deeplinks/2014/11/certificate-authority-encrypt-</a><br>
> entire-web<br>
><br>
> <a href="https://letsencrypt.org/" target="_blank">https://letsencrypt.org/</a><br>
><br>
> My question is, will this screw up companies like Verisign/Thawte sales?<br>
><br>
><br>
><br>
> - Ernie.<br>
><br>
><br>
><br>
><br>
> --<br>
> "I Ping therefore I am."<br>
> _______________________________________________<br>
> AusNOG mailing list<br>
> <a href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a><br>
> <a href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
_______________________________________________<br>
AusNOG mailing list<br>
<a href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a><br>
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
</div></div></blockquote></div><br></div></div>