←back to thread

Let's Encrypt is 10 years old now

(letsencrypt.org)
491 points gslin | 1 comments | 20 Nov 24 06:13 UTC | HN request time: 0.213s | source
Show context
wannacboatmovie ◴[20 Nov 24 07:55 UTC] No.42191675[source]
Nothing makes me trust a site with my payment info more than seeing a LE or domain-validated certificate with no ownership details in the DN.
replies(3): >>42191704 #>>42192128 #>>42192826 #
aaomidi ◴[20 Nov 24 08:02 UTC] No.42191704[source]
The rate of misissuance of EV and OV is much higher than DV.
replies(1): >>42191748 #
wannacboatmovie ◴[20 Nov 24 08:13 UTC] No.42191748[source]
Source? I'm not questioning it, I'd like to know more. DV always seemed vulnerable to DNS tampering.
replies(2): >>42191943 #>>42200064 #
1. ta1243 ◴[20 Nov 24 08:47 UTC] No.42191943[source]
And EV is vulnerable to a fancy looking fax (remember them?)

Do you really check your site has an EV every single time? Especially now browsers treat them the same?

If not, how do you know someone hasn't got a DV certificate for this specific visit?

Scott Helme has a thorough takedown of them, and that was 7 years ago when they were still a thing.

https://scotthelme.co.uk/are-ev-certificates-worth-the-paper...