[Shoothe]

> I can't speak to Let's Encrypt, but the bigger companies that make their money in the CA space are insanely serious about security.

That's really what I'm interested in, very high level security / operations standards. Not that I'm intending on running the CA myself but it's easier to understand daily trade offs knowing how it would be done if extremely high standards were absolutely necessary.

Unfortunately there is not much reading material online on this subject (I understand it may not be super interesting subject for most people) but reading the CPS really shed some light.

Thanks for your comment!