On Fri, 15 Oct 2021, Michael wrote:
> I prefer to think that the company I pay $$ to for a cert, makes enough
> they don't have to sell our data. Remember, each lookup against Let's
> Encrypt shares information, that can be resold.

Sorry, but that is simply wrong. It's not how SSL works.
The whole point of the signature chain from a CA certificate is so that a
client can check any cert against its local list of signers, without
any external queries. In theory a client can use OCSP to ask a signer
whether a cert has been revoked, in practice nobody does because it's slow
and revocations are rare.
Let's Encrypt is run by the Internet Security Research Group, a California
non-profit funded by large gifts from organizations like Cisco, Facebook,
Akamai, Amazon, EFF, ISOC and the Ford and Gates foundations, and small
gifts from people like me. I happen to know a few of their directors and
technical advisory board members, and I expect you do, too. FWIW, their
privacy policy specifically says that they do not sell user information
including OCSP queries, but it would make no sense for them to do so.
If you want online verification of certs, that's DNSSEC and DANE, but for
a variety of political and technical reasons, hardly anyone other than
Comcast uses them for mail.
R's,
John
PS: Looking at the privacy policy for Sectigo, the new name for Comodo, I
see:
Re-Targeting
Sectigo has relationships with third-party advertising companies and
permits the operation of a retargeting consumer marketing program. These
third-party advertisers may place cookies on your computer for the
collection of pseudonymised consumer information, but they do not collect
personal information and we do not give them personal information. This
Privacy Policy does not apply to these third-party advertisers but if you
would like additional information, please visit Network Advertising
Initiative at www.networkadvertising.org/managing/opt_out.asp, which also
allows you to opt-out of such retargeting programs.