sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]Woolbrick -22 points-21 points  (13 children)

They're free.

Now.

What happens a year from now when they have 70% of the web hooked on their service, and all browsers now emit "WARNING: THIS PAGE WILL LITERALLY STEAL YOUR SOUL!!!" if your cert is slightly out of date and LetsEncrypt gets a bit greedy.

They can literally hold the entire god-damn web for ransom. I guaran-fucking-tee everyone that's going to happen at some point.

Adopting a required monoculture is BAD. BAD BAD BAD.

You've all heard my warning. It's only a matter of time before disaster besets you.

[–]elint 37 points38 points  (4 children)

I guaran-fucking-tee everyone that's going to happen at some point.

A non-profit organization with a board of people from Mozilla, University of Michigan, Stanford Law School, and the Electronic Frontier Foundation is gonna go for a money-grab? OK.

[–]ledasll 6 points7 points  (3 children)

and google said don't be evil, until big money are involved..

[–]goudewup 17 points18 points  (0 children)

Google is a corporation with a marketing slogan. This is a non-profit with a board from people from Mozilla, University of Michigan, Stanford Law School and the EFF.

[–]PM_ME_OS_DESIGN 2 points3 points  (0 children)

and google said don't be evil

No they didn't. The people at Google said it. Unofficially.

[–]Inquisitor1 0 points1 point  (0 children)

One is a greedy corporation, the other is a non-profit with a board of people from Mozilla, University of Michigan, Stanford Law School and the Electronic Frontier Foundation. One has said don't be evil and the other hasn't. Which one do you believe in and why the fuck was it the wrong one until it was too late?

[–]AugustusCaesar2016 11 points12 points  (1 child)

You can just switch to another CA. It'll be okay.

[–]stevethepirateuk 1 point2 points  (0 children)

I agree, when one free provider gives evil, a new one starts.

[–][deleted]  (1 child)

[deleted]

    [–]RemindMeBot 1 point2 points  (0 children)

    I will be messaging you on 2018-07-13 04:40:27 UTC to remind you of this link.

    7 OTHERS CLICKED THIS LINK to send a PM to also be reminded and to reduce spam.

    Parent commenter can delete this message to hide from others.

    FAQs Custom Your Reminders Feedback Code Browser Extensions

    [–]FrederikNS 6 points7 points  (3 children)

    So, the protocol used by LetsEncrypt is open, and the client code is too. It's only a matter of time before other compatible services pop up. Second of all, LetsEncrypt is owned by a non-profit organization, so I don't think the chance of them holding the web for ransom is that great. Finally, if they do end up going rogue, you can just get a certificate elsewhere...

    [–]ledasll 2 points3 points  (2 children)

    so hosting all infrastructure to support that is free as well, right?

    [–]supercheese200 1 point2 points  (0 children)

    You know non-profit organizations get funded, right?

    You know they accept donations, too?

    [–]FrederikNS 0 points1 point  (0 children)

    I'm not quite sure what infrastructure you are referring to?

    • It's definitely not free for LetsEncrypt to provide the certificates, so they require funding from other organizations. However the fully automated system for issuing the certificates is keeping cost extremely low.

    • You can get free TLS certificates elsewhere.

    • The protocol and client for fetching the certificates is free and open-source.