Hacker News new | ask | show | jobs
by nurettin 2254 days ago
> LetsEncrypt is free and issues certificates to everyone

When using free providers, you will notice that the issued to -> organization field will be empty. Free providers do not compete with company validating trust authorities. They are just developer tools.
4 comments
deadbunny 2254 days ago
What nonsense. Extended validation schemes are snake oil peddled by CAs to make more money.
link
nurettin 2254 days ago
It is all nonsense until money is involved and customers want to know that the advertised website actually belongs to your legal entity.
link
dividuum 2254 days ago
Does not help in any real way. See https://arstechnica.com/information-technology/2017/12/nope-... for an example.
link
mehrdadn 2254 days ago
There's a huge difference between "it isn't impossible to bypass" and "does not help in any real way".
link
dividuum 2254 days ago
The only reason to get EV certs is the supposedly "safe" green organization field. As demonstrated it can be circumvented by anyone with minimal monetary motivation. Why even bother in that case? I rate that as "does not help in any real way".
link
mehrdadn 2254 days ago
> As demonstrated it can be circumvented by anyone with minimal monetary motivation. Why even bother in that case?

Same goes for the lock on your door. Why do you bother? Just take it off.

link
nurettin 2253 days ago
I pointed out that letsencrypt does not compete in the same space with some providers and I get responses from internet freedom activists who don't want to acknowledge the fact. If shit is broken and doesn't work, you don't use it to make a point, you go fix it.
link
Ayesh 2254 days ago
> They are just developer tools

A CA is a CA. A developer tool would be you signing certificates with your own private CA. LetsEncrypt is often better as they support must-staple, CT timestamps in certificates themselves, and ECDSA leaf certificates support.

The snakeoil pitch would have worked 3-4 years back when browsers shows a big yellow label in address bar, but as of now, they all look the same regardless if its a DV, OV, or EV certificate unless you click your way through the certificate information.

link
toast0 2254 days ago
You might notice that, but very few other people do.
link
bassman9000 2254 days ago
No one, other than us, cares about that.
link