• JackbyDev@programming.dev · 2 upvotes · 10 hours ago

      You don’t own the root certificate even when you aren’t using Let’s Encrypt, unless you self-sign or want to become a certificate authority. Am I missing something? Is there some controversy about Let’s Encrypt I’m unaware of?

      • slowcakes@programming.dev · 1 upvote · 5 hours ago

        I just mean they own it. I know that you can’t decrypt encrypted messages with the root certificate, but you can abuse it in the case of being a man in the middle. Of course I don’t think that Let’s Encrypt are doing that, but there are other entities that would really enjoy having that toolset for the hundreds of millions of services that rely on Let’s Encrypt.

        And if you look at the ones who sponsor Let’s Encrypt, I don’t think that any of them would bat an eye (except for the EFF) if, for instance, the pedophile chief decided that they need to change leadership. Or hey, we, the NSA, also have access to the credentials to the root certificate.

        Something being free is not always the best option when it comes to security. And it’s not impossible that such a large entity can become compromised through pressure, especially when they live on support from private organizations, who have time and time again shown that they are not trustworthy and would choose to do unethical things if that benefits them.

        • JackbyDev@programming.dev · 1 upvote · 5 hours ago

          I’m a little confused why you view this as an issue because in the alternative, manually installing certificates instead of using Let’s Encrypt’s tool, you still wouldn’t own the root certificate.
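The point the two commenters circle around (a CA’s key cannot decrypt TLS traffic, but any root in the trust store can sign a certificate for any name, and you never hold that root yourself) is easy to see in code. The block below is an added example, not code from either commenter, from Lemmy or from Let’s Encrypt. It uses only Go’s standard library to build two constructed in-memory roots, shows that a certificate for the same hostname issued by either one passes ordinary chain validation, and then applies the defender-side control that does distinguish them: an issuer allowlist (the policy a CAA DNS record or Certificate Transparency monitoring enforces for a domain you operate) plus a pinned public key. The CA names, the hostname `example.com` and the allowlist are all constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// ca bundles a root certificate with its signing key (constructed in memory; no real CA involved).
type ca struct {
	cert *x509.Certificate
	key  *ecdsa.PrivateKey
}

// newCA creates a self-signed root. Once it is in a trust store it can sign for any name.
func newCA(name string) (*ca, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &ca{cert: cert, key: key}, nil
}

// issueLeaf has the CA sign a server certificate for host. The CA only ever sees the server's
// public key; the server's private key (and any TLS session keys) never reach the CA.
func issueLeaf(c *ca, host string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, c.cert, &key.PublicKey, c.key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// spkiPin is the SHA-256 of the leaf's SubjectPublicKeyInfo, the value a key pin compares against.
func spkiPin(cert *x509.Certificate) string {
	sum := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
	return hex.EncodeToString(sum[:])
}

// chainValid is what a client does by default: accept any chain ending at a trusted root.
func chainValid(cert *x509.Certificate, roots *x509.CertPool, host string) bool {
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err == nil
}

// checkIssuance adds the domain owner's policy: the chain must validate, the issuer must be one
// the owner authorised (a CAA record / CT-monitoring allowlist), and the key must match the pin.
func checkIssuance(cert *x509.Certificate, roots *x509.CertPool, host string,
	allowedIssuers map[string]bool, expectedPin string) error {
	if !chainValid(cert, roots, host) {
		return errors.New("chain does not validate against the trust store")
	}
	if !allowedIssuers[cert.Issuer.CommonName] {
		return fmt.Errorf("issued by %q, which the domain owner did not authorise", cert.Issuer.CommonName)
	}
	if expectedPin != "" && spkiPin(cert) != expectedPin {
		return errors.New("public key does not match the pinned key")
	}
	return nil
}

// scenarioResult records how each check treats the legitimate and the mis-issued certificate.
type scenarioResult struct {
	LegitChainOK, RogueChainOK    bool
	LegitPolicyErr, RoguePolicyErr error
}

// runScenario builds two trusted roots and one certificate for example.com from each.
func runScenario() (scenarioResult, error) {
	const host = "example.com" // constructed hostname
	chosen, err := newCA("Chosen CA") // the CA the domain owner actually uses
	if err != nil {
		return scenarioResult{}, err
	}
	other, err := newCA("Other Trusted CA") // any other root the client happens to trust
	if err != nil {
		return scenarioResult{}, err
	}
	roots := x509.NewCertPool()
	roots.AddCert(chosen.cert)
	roots.AddCert(other.cert)
	legit, err := issueLeaf(chosen, host)
	if err != nil {
		return scenarioResult{}, err
	}
	rogue, err := issueLeaf(other, host) // mis-issuance: a trusted root the owner never chose
	if err != nil {
		return scenarioResult{}, err
	}
	allowed := map[string]bool{"Chosen CA": true} // constructed issuer allowlist
	pin := spkiPin(legit)
	return scenarioResult{
		LegitChainOK:   chainValid(legit, roots, host),
		RogueChainOK:   chainValid(rogue, roots, host),
		LegitPolicyErr: checkIssuance(legit, roots, host, allowed, pin),
		RoguePolicyErr: checkIssuance(rogue, roots, host, allowed, pin),
	}, nil
}

func main() {
	res, err := runScenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("legit: chain=%v policy=%v\n", res.LegitChainOK, res.LegitPolicyErr)
	fmt.Printf("rogue: chain=%v policy=%v\n", res.RogueChainOK, res.RoguePolicyErr)
}
```

Both certificates pass `chainValid`, which is the whole of the commenters' concern: trust-store validation accepts any root’s signature, and you own none of the roots. Only the issuer allowlist and the pin reject the second certificate, which is why CAA records and CT log monitoring are the controls a domain owner actually has, whichever CA they pay or do not pay.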