Hi Robert, all: As a disclaimer, I'm not an engineer/programmer, so I don't know all the technical specifications. However, I am a big advocate for Let's Encrypt, and think it sends a strong message about the service they offer if the RIPE community and NCC endorses them for our networks and infrastructure. So, take my vote with a grain of salt, but I say let's do it (barring any kind of technical issue that I'm simply not aware of).
Best, -Michael On Tue, Sep 3, 2019 at 9:58 AM Robert Kisteleki <rob...@ripe.net> wrote: > > > Still no one has answered why ripe is using self signed certs for anchor > > when they can use let's encrypt for free... > > TL;DR if the community prefers it we use LE (+TLSA). > > This comes with the expense of some one-time and ongoing operational > work. Considering that anchors don't host any sensitive information, > using self-signed certs (+TLSA) was so far considered good enough. > > Regards, > Robert > >
