by dandanio 396 days ago
If you can't secure your mail server, you certainly can't secure your web server. Letsencrypt, please rethink your decision!
2 comments

They don't have a choice - the decision comes from Chrome's root program and if they don't comply, LetsEncrypt would be distrusted by Chrome.
Is it really that clear that Google has more power here? Whom would users blame if suddenly half their pages are falsely accused of being "untrusted"? Probably the browser, not LE, right?
That's not leverage that a CA can use. If half the internet suddenly displays TLS warning interstitials, it doesn't make people mad at the CA, and it doesn't make people mad at their browser: it just _trains them to ignore such warnings_. That's a bad outcome all around, and one that a CA whose core purpose is improving security for end-users cannot condone.
Most SMTP servers don't use client certs; there's almost nothing that requires their clients to use client cert auth.

Mail servers will continue working along just fine.