Also, there are now a HUGE number of certs signed by let's encrypt. Isn't that a problem? Remember Comodo now too big to get removed?
I guess let's encrypt cannot sign intermediate CA certificates and that's a good thing, and we should have more CA like that and less CA like Comodo. Also if they are free (I still find it mindblowing that you have to pay for certificates) and are quick to implement/respect new rules directed by the cabforum. Then it is an improvement of the current internet PKI.
Now what about better/other solutions to secure internet? I'm still scared of having to trust thousands of CAs that all have the same power.
For DV certificates: You pay a shitload of money for a single email.
Ignoring the sibling comment (most of these CAs aren't trustworthy as far as I'm concerned): The price is highly inflated and that translates to bile and disgust whenever I think of CAs or the CA model.
Yeah, I suggest them changing the title to something that says it's letsencrypt. Had I not glanced here, I'd have totally skipped it thinking it was some scare tactics from security industry or government to push their agendas with.
2. so let's create another CA!
The transition here was weird.
Also, there are now a HUGE number of certs signed by let's encrypt. Isn't that a problem? Remember Comodo now too big to get removed?
I guess let's encrypt cannot sign intermediate CA certificates and that's a good thing, and we should have more CA like that and less CA like Comodo. Also if they are free (I still find it mindblowing that you have to pay for certificates) and are quick to implement/respect new rules directed by the cabforum. Then it is an improvement of the current internet PKI.
Now what about better/other solutions to secure internet? I'm still scared of having to trust thousands of CAs that all have the same power.