←back to thread

543 points gslin | 1 comments | | HN request time: 0.209s | source
Show context
account42 ◴[] No.42192057[source]
I'm kinda mixed on LE.

It's nice that you can now get free TLS certs without having to resort to shady outfits like StartSSL. This allows any website to easily move to HTTPS, which has basically elimated sensitive data (including logins) from being sent over unencrypted connections.

On the otherhand, this reinforces the inherently proken trust model of TLS certificates where any certificate authority (and a lot of them are controlled by outright hostile entities) has the ability to issue certificates for your domain without your involvement. Yes there are tons of kludges to try and mitigate this design flaw (CAA records, certificate transparency) but they don't 100% solve the issue. If not for LE perhaps there would have been more motivation to implement support for a saner trust mechanism by now that limmits certificate issuance to those entities who actually have any authority to decide over domain ownership, like with DNSSEC+DANE.

I'm also concerned with the (intentional) lack of backwards compatibility with moving sites to TLS, which is not just a one time TLS on/off issue but a continual deprecation of protocols and ciphers. This is warranted for things that need to be secure like banking or email but shouldn't really be needed to view a recipe or other similar static and non-critical information. Concerns about network operators inserting ads or other shit are better solved with regulation.

replies(1): >>42192085 #
1. rocqua ◴[] No.42192085[source]
> If not for LE perhaps there would have been more motivation to implement support for a saner trust mechanism by now

I would argue that LE has only highlighted these problems, and now actually causes people with power to worry about them.

There is a chance we would have gotten something better than TLS if the lack of LE kept certificates a pain. But that seems unlikely to me. Because the fundamental problem remains hard.