Reply to post:

Vapourware no more: Let's Encrypt announces first cert dates

An0n C0w4rd

1) free (basic, i.e. not the EV ones that give the green flag on the address bar) are already available and honestly not that complicated to get (installation can still be a pain)

2) so far no-one seems to have solved the underlying trust issue (i.e. can we trust that the CA issued that cert to the entity you think you're connecting to), other than relying on dnssec, which isn't widespread enough yet to make a noticeable difference (RFC 6698). Even DANE is not without potential issues, since it can be used to make phishing sites look legitimate ( see https://www.imperialviolet.org/2011/06/16/dnssecchrome.html )

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022