I like the idea of https://letsencrypt.org/ but I kinda worry - doesn't it just create a giant single point of failure?
I mean specifically the fact that certificates are issued every 90 days. This means you hack Let's Encrypt, you get everyone.
And you only have to get away with it for three months before you have _every_ site.
But I guess the idea is that if you can hack that, you can get the private key, so it doesn't matter?
Sure, and the browsers immediately push updates that invalidate the compromised root CA key.
I think one of the ideas behind this is that with modern browser updates, you aren't as reliant on long-term root key integrity.