Follow

Given that some CI-Systems and IDS currently are significantly impacted by the US-Government-Shitdown, take a moment to think about this:

Imagine if Let's Encrypt were run by the US-Government…

The free certificate authority, which is the largest and most widely used cert provider in the world is a significant single point of failure for IT systems all over our planet.

As much as I endorse their services, we MUST build equivalent alternatives in the EU, Asia, Africa, Oceania.

· whalebird · 5 · 58 · 45

@MacLemon

That's why I'm still an advocate of self-signed and self-maintained certs. I'd like to see a web of trust, as for PGP.

@MacLemon
Kind of along those lines...
NTP, an underpinning of pretty much everything, has one guy maintaining it. Or at least it did a couple years ago.
informationweek.com/cloud/infr
One guy!

@MacLemon while I agree that some variety would be nice (if unrealistic: running this is nontrivial, and engineers are expensive), it is not actually a spot: commercial competitors exist.

@MacLemon you mean like Buypass (Norway) and GlobalSign (Belgium/Japan)?
(from en.wikipedia.org/wiki/Automate)
It's just that we don't use them as much as LE :/

@MacLemon The ACME standards are even IETF standards and everything is open source software. The problems seems to be that it is expensive to run a CA at scale, and it is a lot of work to get your root certs included in browsers.

A model where there was an organisation that helps bootstrap and funnel funds to partner organisations that in turn run CAs might work (like torservers does for Tor exit relays).

Every time I think about this though I think about how much trust you can really put into TLS certficates and it makes me really sad. It's not just an issue if Let's Encrypt goes down, imagine if it is compromised, that's a lot of certs that you just then can't trust because you don't know if they were issued correctly. (Having ACME be an IETF standard does help with this because it gets reviewed by smart people, but even smart people can make mistakes.)
Sign in to participate in the conversation
chaos.social

chaos.social - because anarchy is much more fun with friends.
chaos.social is a small Mastodon instance for and by the Chaos community surrounding the Chaos Computer Club. We provide a small community space - Be excellent to each other, and have a look at what that means around here.
Follow @ordnung for low-traffic instance-related updates.
The primary instance languages are German and English.