[AusNOG] Lets Encrypt
Mark Andrews
marka at isc.org
Wed Nov 19 11:01:30 EST 2014
In message <20141118234925.GS5614 at hezmatt.org>, Matt Palmer writes:
> On Wed, Nov 19, 2014 at 09:34:04AM +1000, Ernie wrote:
> > https://letsencrypt.org/
> >
> > My question is, will this screw up companies like Verisign/Thawte sales?
>
> Not much, if any. People who want cheap/free certs already, for the most
> part, know where to get them from. The more "premium" brands make their
> money via the brand, offering insurance (as much of a crock as it is),
> higher-validation (OV/EV) certificates, and other signalling effects that
> are unrelated to the *technical* product being offered.
>
> That being said, Let's Encrypt is a *great* initiative, and I'm 100% behind
> it. Making certificate issuance easier (to the point of being entirely
> automated) via the ACME protocol will massively reduce the barrier to TLS
> deployment, which can only serve to benefit the confidentiality of traffic
> on the Internet.
>
> - Matt
Or we could just deploy DANE and not require a CA to issue CERTs.
According to http://www.auda.org.au/industry-information/au-domains/dnssec/
the DS records for AU should have been added to the root zone back on 28th
of October.
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the AusNOG
mailing list