Reply to post:

Let's Encrypt gets automation

LDS Silver badge

You don't really need a certificate to encrypt a channel with a session key. Algorithms like Diffie-Hellman work perfectly without a certificate. Just, the designer of SSL/TLS understood that without authentication of the parties, you can't really be sure who Bob is, if you don't have any means to check it.

Certificates are there to ensure Bob is really Bob. Once anybody can ask for a certificate for Bob and no one checks if he's really Bob, well, basically you're removing the protection offered by certificates. They're downgrading TLS security, and can't see the consequences, just to say "take that, NSA!". Childish.
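
The point about key agreement without authentication, as an added example that is not part of the comment above: an unauthenticated Diffie-Hellman exchange completes without error even when the public values are replaced in transit, and only a check against an identity Alice already trusts catches it. The toy group, the function names and the pinned fingerprint (standing in for a verified certificate) are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy group, an assumption for illustration: 2**127 - 1 is prime but far too
# small for real use. Real TLS uses standardized 2048-bit+ or elliptic-curve groups.
P = 2**127 - 1
G = 3

def keypair():
    """Return (private exponent, public value g^priv mod p)."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(priv, peer_pub):
    """Derive a session key from the Diffie-Hellman shared secret."""
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).hexdigest()

def fingerprint(pub):
    """Hash of a public value; plays the role of the identity a certificate binds."""
    return hashlib.sha256(b"pub:" + pub.to_bytes(16, "big")).hexdigest()

def handshake(substitute=False, pinned=False):
    """Run one exchange between Alice and Bob.

    substitute: a party in the middle swaps in its own public value both ways.
    pinned:     Alice checks the value she receives against Bob's known fingerprint.
    """
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    m_priv, m_pub = keypair()
    # What a properly verified certificate would have given Alice beforehand.
    known_bob_fp = fingerprint(b_pub)

    seen_by_alice = m_pub if substitute else b_pub
    seen_by_bob = m_pub if substitute else a_pub

    if pinned and fingerprint(seen_by_alice) != known_bob_fp:
        raise ValueError("peer key does not match Bob's verified identity")

    return {
        "alice": session_key(a_priv, seen_by_alice),
        "bob": session_key(b_priv, seen_by_bob),
        # Keys the middle party can compute from the values it observed.
        "middle": (session_key(m_priv, a_pub), session_key(m_priv, b_pub)),
    }
```

With `substitute=True` and no pinning, both sides finish with valid-looking keys that differ from each other and are both known to the middle party; with `pinned=True` the same exchange is rejected before any key is used.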
