On 4/16/15 07:16, david.a.p.ll...@gmail.com wrote:
> For example:
> - You say "there is only secure/not secure". Traditionally, we have things like defense
> in depth, and multiple levels of different sources of authentication. I am hearing: "You will
> either have a Let's Encrypt certificate or you don't". Heck, let's get rid of EV certificate
> validation too while we are at it: we don't want to have to do special vetting for banking and
> medical websites, because that doesn't fit in with Let's Encrypt's business model.

You're pretty far off in the weeds here. I'll try to help you with some of your misconceptions.

First, no one is proposing that Let's Encrypt should become the sole source of TLS certificates. Let's Encrypt was started to solve a specific set of valid complaints about the complexity and financial issues surrounding acquiring a TLS certificate for certain individuals.

Second, Let's Encrypt is run by ISRG, not Mozilla -- Mozilla is one of several supporters for ISRG, but we are separate entities.

Finally, ISRG is a 501(c)(3) non-profit public benefit corporation. There's no business model in the traditional sense, since the goal is not profit. The goal is to fulfill its mission, which is "to reduce financial, technological, and education barriers to secure communication over the Internet." Accusing ISRG of having a pro-TLS agenda is akin to accusing a soup kitchen of having a pro-soup agenda: it shows a fundamental misunderstanding of what they're doing and why.

> - You don't want to hear about non-centralized security models. DANE...

...is a centralized security model. The difference is that you're trading a set of predominantly commercial CA entities for a different set of governmental or governmentally-contracted entities. It is arguably more centralized than the current CA system.

--
Adam Roach
Principal Platform Engineer
a...@mozilla.com
+1 650 903 0800 x863
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
