Hacker News new | past | comments | ask | show | jobs | submit login

Again, I'm not saying that the two year expiration date means "v1 stops working".

Rather, "after this point, no new domains may setup via v1", so any existing certificates and installations are grandfathered. Two years is sufficient for MIAB to update their software and distribute to users.

>LE is that alternative, but not if we start breaking backwards compatibility every 2 years.

Not what I'm saying either. They have a v2 now, we don't know if they need a v3. And they want to keep v1 running for a while.

But there will be a point where v1 will need to be switched off, similar to how modern browsers have switched off SSLv1 despite a lot of people still having servers running with that.

LE will, at some point, have to decide between keeping v1 running or moving away from old protocols to be able to evolve. And that cannot be infinitely pushed backwards.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact