Ask HN: Conspiracy theory – What motivation is behind Let's Encrypt?
Some (e.g. https://sockpuppet.org/blog/2015/01/15/against-dnssec) concluded that DNSSEC/DANE's real role would be the replacement of the TLS CA system, granting DNS-controlling entities (i.e. governments) the same cryptographic authority as CAs. Let me initiate a discussion about something that may sound absolutely ridiculous: what if Let's Encrypt was founded for the exact same long-run purpose?
The Internet Security Research Group maintaining Let's Encrypt seems quite independent. But Let's Encrypt is free. It already has 0.1% market share (https://w3techs.com/technologies/overview/ssl_certificate/all) despite being on the market for only 5 years. Isn't this simply too good to be true & trusted?
4 comments
[ 3.1 ms ] story [ 17.9 ms ] threadLE is currently a big single point of failure, and I want to be able to point my ACME client somewhere else if I need to.
I wasn't aware of Buypass and it looks awesome, unfortunately however it doesn't appear to support SAN or wildcard certificates which could be a dealbreaker for a few (that said, it could also be considered a feature).
But thanks for bringing it up and raising awareness of alternative ACME providers, I'm probably going to spend some time playing around with Buypass Go this week.
Edit: It also appears that Buypass Go certificates are valid for 180 days as opposed to Let's Encrypt's 90 days (haven't verified this yet), which is interesting. I've simply become accustomed to the 90 day LE validity, I'm curious why they went with 180 days.
Looks like a workable alternative, but it still seems to be a commercial organisation behind it though. We need something open, transparent and charitable ideally.