On Tue, Dec 20, 2016 at 10:28 AM, Cody Wohlers <cody.wohl...@gmail.com> wrote:
> Absolutely! Let's Encrypt sounds awesome, super-easy, and the price is > right. > > But I'm thinking of cases like Lavabit where a judge forced the site > operator to release the private key. Or the opposite - could a government > restrict access to a site by forcing the CA to revoke certificates? I > guess you could just get another certificate from another CA but what if > they are all ordered to revoke you - like in some future world government > or something... > Certainly a government could do that, but it's easier to just go after the DNS. This example is extreme but security is not about the norm, it's about the > fringe cases. I just wish we could have an encryption scheme that doesn't > need any third-party authority, before we start punishing those who don't > use it. That's all. > As long as sites are identified by domain names and want those names to be tied to real world identities, I don't see anything like that one the horizon (i.e., I'm not aware of any technology which would let you do it). -Ekr > On Tuesday, 20 December 2016 10:47:33 UTC-7, Jim Blandy wrote: > > Can't people use Let's Encrypt to obtain a certificate for free without > the > > usual CA run-around? > > > > https://letsencrypt.org/getting-started/ > > > > "Let’s Encrypt is a free, automated, and open certificate authority > brought > > to you by the non-profit Internet Security Research Group (ISRG)." > > > > > > > _______________________________________________ > dev-platform mailing list > dev-platform@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-platform > _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
