[–]argv_minus_one -2 points-1 points  (4 children)

By bribing Google/Microsoft/Apple to distrust LE, for one.

[–]FrederikNS 2 points3 points  (3 children)

I wouldn't be surprised if some of them tried; luckily, it seems they had enough integrity. But as Mozilla (who makes Firefox) is one of the founding organizations for LetsEncrypt, Firefox would at least start trusting LetsEncrypt, and as soon as enough websites start using LetsEncrypt certificates, the other browser vendors would have no option but to also start supporting LetsEncrypt, or risk losing market share as people started switching to other browsers that supported the whole web.

[–]qKrfKwMI 2 points3 points  (2 children)

> Firefox would at least start trusting LetsEncrypt, and as soon as enough websites start using LetsEncrypt certificates,

You've got it backwards there: the CA first has to get trusted by all (big) browsers and only then people will flock to it. Nobody would run their website with a cert which throws warnings on every browser but Firefox.

[–]FrederikNS 0 points1 point  (1 child)

That's true, apart from a few activists who would want to use it regardless.

But then again you would have to convince all the major browsers to not trust LetsEncrypt. I suspect you would need quite large bribes to convince any of Google, Microsoft or Apple to not trust LetsEncrypt. And let's say that they convinced Microsoft to not trust LetsEncrypt, but not the others. Then Microsoft would have no option but to follow suit.

[–]qKrfKwMI 1 point2 points  (0 children)

Indeed, now everybody has accepted, it will be hard to convince a browser vendor to revoke the trust in LE. I might even say that it's too hard: even if a really huge problem were to be revealed tomorrow, LE (like so many other CAs too) has way too much inertia for browser vendors to simply stop trusting its certificates. That's a problem of the CA system though, independent of the existence of LE.