Absolutely!  Let's Encrypt sounds awesome, super-easy, and the price is right.  

But I'm thinking of cases like Lavabit where a judge forced the site operator 
to release the private key.  Or the opposite - could a government restrict 
access to a site by forcing the CA to revoke certificates?  I guess you could 
just get another certificate from another CA but what if they are all ordered 
to revoke you - like in some future world government or something...

This example is extreme but security is not about the norm, it's about the 
fringe cases.  I just wish we could have an encryption scheme that doesn't need 
any third-party authority, before we start punishing those who don't use it.  
That's all.

On Tuesday, 20 December 2016 10:47:33 UTC-7, Jim Blandy wrote:
> Can't people use Let's Encrypt to obtain a certificate for free without the
> usual CA run-around?
> 
> https://letsencrypt.org/getting-started/
> 
> "Let’s Encrypt is a free, automated, and open certificate authority brought
> to you by the non-profit Internet Security Research Group (ISRG)."
> 
> 


_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
