Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
Ask HN: Conspiracy theory – What motivation is behind Let's Encrypt?
7 points by luczsoma on June 9, 2019 | hide | past | favorite | 4 comments
Some (e.g. https://sockpuppet.org/blog/2015/01/15/against-dnssec) concluded that DNSSEC/DANE's real role would be the replacement of the TLS CA system, granting DNS-controlling entities (i.e. governments) the same cryptographic authority as CAs. Let me initiate a discussion about something that may sound absolutely ridiculous: what if Let's Encrypt was founded for the exact same long-run purpose?

The Internet Security Research Group maintaining Let's Encrypt seems quite independent. But Let's Encrypt is free. It already has 0.1% market share (https://w3techs.com/technologies/overview/ssl_certificate/all) despite being on the market for only 5 years. Isn't this simply too good to be true & trusted?




I don't personally think there's a conspiracy, but I'd definitely like to see an LE 'competitor' - one that is equally as free and open, but not in any way related to the ISRG.

LE is currently a big single point of failure, and I want to be able to point my ACME client somewhere else if I need to.


Have you checked out Buypass? https://www.buypass.com/ssl/products/acme


Not the person you're replying to, but I'm a huge fan of Let's Encrypt and ACME.

I wasn't aware of Buypass and it looks awesome, unfortunately however it doesn't appear to support SAN or wildcard certificates which could be a dealbreaker for a few (that said, it could also be considered a feature).

But thanks for bringing it up and raising awareness of alternative ACME providers, I'm probably going to spend some time playing around with Buypass Go this week.

Edit: It also appears that Buypass Go certificates are valid for 180 days as opposed to Let's Encrypt's 90 days (haven't verified this yet), which is interesting. I've simply become accustomed to the 90 day LE validity, I'm curious why they went with 180 days.


Ah yes I've heard of them - I remember Scott Helme blogging about them a while ago.

Looks like a workable alternative, but it still seems to be a commercial organisation behind it though. We need something open, transparent and charitable ideally.




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: