HN: Pretty sure their relationship with DigiCert predates LE, why change if the current relationship is functional?

Google: Browser Maintainer that runs entire TLDs, doesn't need a third party, it could just decide to trust itself and 60+% of the market follows.

Amazon: Runs a massive chunk of the internet, it's already MitM'd itself and most other things, doesn't really need a third party for Certs but still uses DigiCert which predates LE and they clearly have a working relationship.

Netflix: See Amazon, HN.

You: Barely exist to the infrastructure of the web as people experience it. Maybe you have a static site you don't care to protect from MitM (could add some malicious scripts or whatever but who cares). Maybe you're a tiny service that offers some 50 users something, their plaintext auth probably shouldn't be readable to just anyone along the network path, but they're not paying you for services so you might not wanna spend much money on that service. Use LE.

Also, if you think LE as a company has the ability to take sites with it if it goes down, you don't really understand Web PKI. At most likely within a year to 3 months you'd need to find a new place if their signatures expire. At worst someone could pretend to be you, but still not read that traffic protected by the old cert.

Why so salty about LE? Especially from a "seasoned" SysEng? Didn't it just make your job easier and safer for those with slightly less experience?

Because it's required, I don't know the companies, I can't trust the companies. I'm just not happy that four companies run the world's SSL. There should be another technology that caters to such without having to put all the keys in one basket.

> Didn't it just make your job easier and safer for those with slightly less experience?

No. It makes it harder, because you're not teaching anyone anything; you tell them "click here, click that, done".