> Am 01.09.2018 um 12:51 schrieb Pete Biggs <pete@xxxxxxxxxxxx>:
>
> That was until LetsEncrypt comes along - it has the backing of some big
> names and *IS* an effective business model for small and private
> customers.
What *is* the business model of Let’s Encrypt?
Are they going to issue „Pro“ certificates at some point that cost money?
Running a CA is not expensive per se - it’s the audits that the CAB (CA+Browser) Forum mandates that are expensive.
In the beginning, the certificates had a certain level of trust with them that came both from the high prices (deterring drive-by crooks) and the fact that some sort of vetting was made to ensure that nobody could have issued a certificate for a domain they didn’t really control.
But the later step is not very friendly to automation. And CAs can principally issue certificates for any domain - a fact brought home by the compromise of Dutch CA DigiNotar in the Fall 2011.
Adding to the fact is a concentration-process in the industry that leads to fewer and fewer companies that know less and less of their customers.
These days, a certificate just shows that the communication is encrypted. Whether the other endpoint is what it claims to be is of no concern to any third-party involved in setting up that communication-process.
There’s even talk about deprecating the special handling browsers have for EV-certificates from future versions of Mozilla.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
