[toomuchtodo]

> This is not what regular style certificates verify. That is what Extended Validation certificates verify and they're not issued by letsencrypt.org and generally are a lot more expensive.

I'd like to see LetsEncrypt move into this territory though. What current private business providers are charging for this service is border-line extortion.

[schoen]

EV validation will have a marginal cost because of the offline interactions. DV can be done at almost no marginal cost. That's why Let's Encrypt can exist at all.

[icebraining]

FWIW, you can already get an SSL cert for $4/year.

[Buge]

"this territory" was referring to EV certificates. Those cost more than $4.

[icebraining]

I misread the post, sorry :|

[lifeisstillgood]

But the certificate is (supposed) to say we have verified that this person / organisation exists and is "allowed" this domain.

Now if we extend the idea of every business or even human having their own (sub)-domain (lots of good benefits there) then we are in the territory of ensuring the CA's track you from birth - that's what governments do, and boy are they expensive.

I think what I am saying is we either have CA we can trust or we dump the whole thing and go to web of trust

[tokenizerrr]

That ship has sailed years ago. And now we have EV certificates to deal with that problem.

[schoen]

For the time being, it's DNS registrars who define who is allowed particular domain names, and DV CAs just try to draw the connection between what the registrars have said and the server you're visiting at a particular moment.