Hacker News new | ask | show | jobs
by joering2 3726 days ago
hmm sponsors not "only give money"... they usually expect something in return - which is understandable.

To me this is a deal-breaker. Cisco did so many bad things in the past in terms of privacy that the only good news is that now I know to stay away from LetsEncrypt.
1 comments
pfg 3726 days ago
Could you elaborate on how Cisco being a sponsor affects your trust in Let's Encrypt? It's in the nature of the CA system that it's only as strong as its weakest link, and there are dozens if not hundreds of CAs of questionable trust.

This seems like a conceptual misunderstanding of how TLS works. Let's Encrypt does not have access to your private key and does not have the ability to decrypt your traffic. They put a stamp on your certificate saying "Yep, this key belongs to this domain" - that's it.

link
count 3725 days ago
Hypothetically, the risk could be that LE is now a trusted CA, Cisco could pressure to get a signed, trusted cert for anything.

I don't think that's realistic, but if we're talking conspiracy theories...

link