
Thing is, even if Let's Encrypt were less secure (I don't really think it is, but let's assume), that would hurt the security of every website.

If you use a paid CA, someone trying to impersonate you could still go to Let's Encrypt and get a certificate there. In other words, the system is only ever as secure as its weakest link. It doesn't matter what link you chose, it matters what link a potential attacker would use.

All of this is because failure of a CA only means false certificates are issued. It's not like Let's Encrypt ever could get access to any of your private key material.



