"Certificates are there to ensure Bob is really Bob" -- LDS

I understand what you are saying in terms of worrying that this is weakening TLS, but the weakness was already there. Users have to realise what it is that they are using to trust that Bob is Bob. You don't have to install a LE root cert (or keep one installed), after all.

There are a lot of other good reasons to encrypt the entire web than 'sticking it to the NSA'. One of these is that access to other people's credentials and web content is often a big security risk in itself --- probably bigger than the MITM risks we are talking about.

In the end people will have to learn that it isn't just 'padlock or no padlock' but that they need some indication of certificate quality. We could certainly do with speeding up DNSSEC for example. But I don't think Let's Encrypt really weakens TLS --- rather it makes people aware of the weaknesses inherent within it (and any digital certificate scheme).

