You ever think about how Let's Encrypt is a crucial and centralized part of Internet infrastructure?

@Dee that's not really what centralized means. all of the issued certs work fine even if LE is totally offline.

@sneak The cert issuing/renewing infrastructure is centralized. There are millions of servers that regularly contact LE itself for renewals, and if LE goes offline long enough, at least a portion of them are going to have their certificates expire with no replacement.

@Dee correct, but iirc the certs are good for 90 days and they renew with weeks of headroom. LE could be offline for hundreds of hours and properly configured servers would all be fine.
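To put numbers on the headroom argument above, here is an added example (not part of the thread): it takes certificate notAfter values in the text form `openssl x509 -enddate` prints, applies a hypothetical certbot-style policy of renewing once 30 or fewer days remain (the 90-day lifetime is the thread's figure, the 30-day threshold is an assumption), and computes how long a CA outage a sample fleet tolerates before its first certificate expires.

```python
import ssl
from datetime import datetime, timedelta, timezone

# Assumed renewal policy (hypothetical default): a client checks daily and
# renews as soon as RENEW_THRESHOLD_DAYS or fewer days of validity remain.
RENEW_THRESHOLD_DAYS = 30


def parse_not_after(openssl_date: str) -> datetime:
    """Parse a notAfter value in OpenSSL's text form, e.g.
    'Jun 29 10:00:00 2024 GMT' (the format `openssl x509 -enddate` prints)."""
    secs = ssl.cert_time_to_seconds(openssl_date)
    return datetime.fromtimestamp(secs, tz=timezone.utc)


def renewal_due(not_after: str, now: datetime) -> bool:
    """True when a properly configured client would attempt renewal now."""
    remaining = parse_not_after(not_after) - now
    return remaining <= timedelta(days=RENEW_THRESHOLD_DAYS)


def hours_until_first_expiry(fleet: dict, ca_down_since: datetime) -> float:
    """While the CA is unreachable no renewal succeeds, so the fleet is only
    as safe as its cert with the least validity left. Returns the outage
    length (hours) the fleet survives before that cert expires."""
    soonest = min(parse_not_after(v) for v in fleet.values())
    return (soonest - ca_down_since).total_seconds() / 3600


def expired_during_outage(fleet: dict, ca_down_since: datetime,
                          outage_hours: float) -> list:
    """Names of servers whose cert lapses before the CA comes back."""
    end = ca_down_since + timedelta(hours=outage_hours)
    return sorted(n for n, v in fleet.items() if parse_not_after(v) <= end)


# Constructed sample data (not real hosts): the outage starts at NOW.
NOW = datetime(2024, 6, 1, 0, 0, tzinfo=timezone.utc)
FLEET = {
    "web-1": "Aug 15 00:00:00 2024 GMT",   # ~75 days left, renewed recently
    "web-2": "Jul  2 00:00:00 2024 GMT",   # 31 days left, renews tomorrow
    "legacy": "Jun  3 00:00:00 2024 GMT",  # 2 days left: renewal has been failing
}
HEALTHY = {k: v for k, v in FLEET.items() if k != "legacy"}

if __name__ == "__main__":
    print(hours_until_first_expiry(HEALTHY, NOW))  # 744.0 hours (31 days)
    print(expired_during_outage(FLEET, NOW, 100))  # ['legacy']
```

A healthy fleet rides out hundreds of hours of CA downtime, while the one host whose renewals were already failing is the first casualty, which is what monitoring of remaining validity should catch well before any outage.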

@sneak That doesn't really change the fact that renewal is centralized.

@Dee it's not, though - you can get issued a leaf cert from any of many different CAs, not just LE.

@sneak @Dee At the end of the day the root CAs are major points of failure no matter which one you go with; your SSL cert is useless unless everyone trusts the CA that issued the cert. The "decentralized" approach IMO would be everyone issuing their own certs combined with "trust on first use" like in gemini-space.

I do agree though that LE is a big deal because it's the only issuer that does simple domain-validation and is gratis; all others are organizational validation and charge you $$

@swaggboi @Dee that's not what points of failure are. if the CA goes down entirely your cert still works.

@sneak @Dee Certs are checked for revocation, so the CA needs to maintain either an OCSP responder or a CRL.
