by AndyMcConachie 1377 days ago
Imagine Let's Encrypt disappeared tomorrow. Not an outage, but just up and vanished from the face of the earth. Maybe they get raided by the FBI. Maybe all of their engineers suddenly die. Whatever, it's gone.

How much of the encrypted web would cease to function and when? We'd still have their certs in our browsers, but no one would be able to get a new cert. Many would revert back to unencrypted because they don't want to pay for a cert.

It's an interesting thought exercise. I'm all for the encrypted web, but I would like to see the eggs spread across more baskets.

4 comments

There's a Web3 project called Dane. Which seeks to add CAs to the blockchain. I suppose if successful, you wouldn't need to trust a company but instead a blockchain. But with all the web3 hate these days, it probably won't see the light of day.
That's funny because we already have DANE [0] for DNS-based certificates and that's precisely the right place for domain-validated certs. No blockchain needed.

[0] https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Na...
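As an added illustration of the DANE point above (example code, not part of the thread): a Go program that derives the TLSA "3 1 1" record for a certificate (SHA-256 over its SubjectPublicKeyInfo) and checks a presented certificate against that record, the way a DANE-aware client would. The certificate is a constructed self-signed throwaway, and DNSSEC validation of the record is assumed to have already happened.

```go
package main
import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
	"math/big"
)

// TLSA holds the fields of a DANE TLSA record (RFC 6698).
type TLSA struct {
	Usage, Selector, Matching uint8
	Data                      []byte
}

// TLSAFromCert builds a "3 1 1" record: DANE-EE usage, SubjectPublicKeyInfo
// selector, SHA-256 matching. No CA signs anything; DNS carries the binding.
func TLSAFromCert(cert *x509.Certificate) TLSA {
	sum := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
	return TLSA{Usage: 3, Selector: 1, Matching: 1, Data: sum[:]}
}

// Matches rehashes the presented leaf's SPKI and compares it to the record.
// Usages 0-2 also need PKIX chain building and are deliberately rejected here.
func (r TLSA) Matches(cert *x509.Certificate) bool {
	if r.Usage != 3 || r.Selector != 1 || r.Matching != 1 {
		return false
	}
	sum := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
	return bytes.Equal(sum[:], r.Data)
}

// selfSigned makes a throwaway certificate for the example (constructed data).
func selfSigned(name string) *x509.Certificate {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{name}}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	cert, _ := x509.ParseCertificate(der)
	return cert
}

func main() {
	cert := selfSigned("example.com")
	rec := TLSAFromCert(cert)
	fmt.Printf("_443._tcp.example.com. IN TLSA %d %d %d %x\n", rec.Usage, rec.Selector, rec.Matching, rec.Data)
	fmt.Println("same key:", rec.Matches(cert), "rotated key:", rec.Matches(selfSigned("example.com")))
}
```

Rotating the server key invalidates the record, which is the operational cost DANE trades for not depending on any CA.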

There exist other free ACME providers; Let's Encrypt was just the first and biggest.
All browsers (even smartphones) support importing certificate files. The exceptions are Windows PCs on domain lockdown. Non-corporate-supported browsers might transition to being more friendly to this process instead of the unhelpful and scary SSL warnings provided now.

Phone app traffic that isn't through a browser would be in a rougher situation, but it would be solvable by your major phone app store providers offering their own root certificates. Since there is only Google and Android, any app provider wanting to target all smartphone users would have to get a cert from one of them, and it would probably be rolled into any developer fees and sold as part of a larger security program.

> Non-corporate-supported browsers might transition to being more friendly to this process instead of the unhelpful and scary SSL warnings provided now.

That's exactly what I would like to see happening. The current warnings make no sense and they only make security worse.

Browsers are not different from any other applications at this.

ZeroSSL and Google both have free ACME CAs, tho Google needs a special step the first time iirc.