Re: [dev] Allow secure access to Web site suckless.org

From: Dionysis Grigoropoulos <info_AT_erethon.com>
Date: Wed, 3 Aug 2016 14:34:43 +0300

On Wed, Aug 03, 2016 at 01:16:06PM +0200, FRIGN wrote:
> On Wed, 3 Aug 2016 13:10:06 +0200
> hiro <23hiro_AT_gmail.com> wrote:
>
> > are you claiming Let's Encrypt is trustworthy?!
>
> To clear this up, no, I am not. However, Let's Encrypt is not about
> certifying the server on the other end in the first place,

It certifies that whoever has the Let's Encrypt singed cert, owned the
DNS server for that domain at the time of the certificate creation.

> but providing a way for easy encrypted traffic. In my opinion, the
> best would be just to allow self-signed certificates in browsers,

Self-signed certs require a way to verify them, thus what we really need
is a web-of-trust like solution for certs and in theory we could get rid
of all of the CAs and their problems.

> but Let's Encrypt comes close enough.
>
> Cheers
>
> FRIGN
>
> --
> FRIGN <dev_AT_frign.de>
>

dgrig
Received on Wed Aug 03 2016 - 13:34:43 CEST

This archive was generated by hypermail 2.3.0 : Wed Aug 03 2016 - 13:36:18 CEST