“… the market for encryption is better served by a fragmentation of privately held CAs.” I understand your threat surface argument but I don’t think the answer to that concern isn’t to close down Let’s Encrypt and go back to how things were years ago, with companies developing potentially pointless products for the sake of profit over security.

A better position might have been to celebrate improved security, because the trustworthy & friendly view of the world the web was born into doesn’t match reality so security now needs to be the default. But then call for more providers to compete with Let’s Encrypt, or some other method that reduces the risk, without rolling back what is a significant and wide-ranging improvement. I’m all for making things better and that tends to come from moving forward, not rolling back.

Written by

Solution Architect based in Oslo https://www.linkedin.com/in/dominicrobinson

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store