Re: Certificates





> On 01.09.2018 at 12:51, Pete Biggs <pete@xxxxxxxxxxxx> wrote:
> 
> That was until LetsEncrypt comes along - it has the backing of some big
> names and *IS* an effective business model for small and private
> customers.


What *is* the business model of Let’s Encrypt?

Are they going to issue „Pro“ certificates at some point that cost money?

Running a CA is not expensive per se - it’s the audits that the CAB (CA+Browser) Forum mandates that are expensive.

In the beginning, the certificates had a certain level of trust with them that came both from the high prices (deterring drive-by crooks) and the fact that some sort of vetting was made to ensure that nobody could have issued a certificate for a domain they didn’t really control.

But the latter step is not very friendly to automation. And CAs can principally issue certificates for any domain - a fact brought home by the compromise of Dutch CA DigiNotar in the fall of 2011.
Adding to the fact is a concentration-process in the industry that leads to fewer and fewer companies that know less and less of their customers.

These days, a certificate just shows that the communication is encrypted. Whether the other endpoint is what it claims to be is of no concern to any third-party involved in setting up that communication-process.

There’s even talk about deprecating the special handling browsers have for EV-certificates from future versions of Mozilla.


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos



