Hacker News new | past | comments | ask | show | jobs | submit login

So how the hell did Let's Encrypt convince the certificate cartel to let them in and undercut their products?



They got cross-signed by IdenTrust, which as I understand it were/are primarily selling EV certificates to financial institutions (which Let's Encrypt doesn't really compete with), rather than DV certificates (like most CAs out there do, including LE).

These days they are trusted directly by most browsers and OSes as the sibling comments mention, but the IdenTrust cross-signature was vital for bootstrapping and is still used for some older systems.


They didn't. The convinced the browsers and operating systems.


They didn't need to do that. They simply got their cert into browsers and OSes, and there you go.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: