ban...@openmailbox.org writes:

> How secure is Lets Encrypt compared to a pinned self signed cert?
> Can Lets Encrypt be subverted by NSLs?

You can use pinning with Let's Encrypt certs too. The default client behavior changes the subject key on every renewal, but I can add a feature to keep the old key if you want to pin at the key level.

We don't know how large the risk of legally-compelled misissuance is, but we have lots of lawyers who would be excited to fight very hard against it. I think that makes us a less attractive target than other CAs that might not find it as objectionable or have as many lawyers standing by to challenge it.

Remember that (without CA-level pinning) users are always at risk from misissuance by any CA that they trust, not just the CA that you specifically chose to use. For example, google.com was attacked (successfully at first) with misissued certs from DigiNotar even though Google had no relationship with DigiNotar at all.

We also publish all of the certs that we issue in Certificate Transparency. You can watch the CT logs for your domain or other certs that you care about. If you ever see a cert in CT for your domain that you didn't request, please make a big deal out of it. Likewise, if you ever see a valid cert in the wild from Let's Encrypt that doesn't appear in the CT logs, please make a very big deal out of it.

At some point it should become possible to get browsers to require inclusion CT proofs for certs from Let's Encrypt, though we don't have the tools in place for this yet.

--
Seth Schoen <sch...@eff.org>
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundation https://www.eff.org/join
815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107

--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
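
The two Certificate Transparency checks described in the reply above, sketched as an added example that is not part of the original message or of any Let's Encrypt tooling. The record layout, fingerprints, issuer strings and domain are constructed for illustration; a real monitor would fill `Cert` from CT log entries and from certificates observed on the wire.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    fingerprint: str   # SHA-256 of the DER cert (constructed placeholders below)
    issuer: str        # issuing CA name as recorded by the monitor
    names: tuple       # DNS names from the subjectAltName extension

def covers(name: str, domain: str) -> bool:
    """True if a SAN entry names `domain` or any host beneath it."""
    name = name.lower().rstrip(".")
    if name.startswith("*."):
        name = name[2:]            # a wildcard covers hosts under its base name
    # Require a label boundary so "notexample.org" does not match "example.org".
    return name == domain or name.endswith("." + domain)

def unrequested(ct_entries, requested_fps, domain):
    """CT entries for our domain, from any CA, that we never asked for."""
    return [c for c in ct_entries
            if any(covers(n, domain) for n in c.names)
            and c.fingerprint not in requested_fps]

def missing_from_ct(observed, ct_entries, issuer):
    """Certs seen in the wild from `issuer` that have no CT entry."""
    logged = {c.fingerprint for c in ct_entries}
    return [c for c in observed
            if c.issuer == issuer and c.fingerprint not in logged]

# Constructed sample data.
DOMAIN = "example.org"
REQUESTED = {"fp-aaaa"}            # inventory of certs we actually requested
CT_ENTRIES = [
    Cert("fp-aaaa", "Let's Encrypt", ("example.org", "www.example.org")),
    Cert("fp-bbbb", "Other CA", ("*.example.org",)),       # nobody requested this
    Cert("fp-cccc", "Let's Encrypt", ("notexample.org",)),  # someone else's domain
]
OBSERVED = [
    Cert("fp-aaaa", "Let's Encrypt", ("example.org", "www.example.org")),
    Cert("fp-dddd", "Let's Encrypt", ("mail.example.org",)),  # served but never logged
]

if __name__ == "__main__":
    for c in unrequested(CT_ENTRIES, REQUESTED, DOMAIN):
        print("ALERT unrequested cert in CT:", c.fingerprint, c.issuer, c.names)
    for c in missing_from_ct(OBSERVED, CT_ENTRIES, "Let's Encrypt"):
        print("ALERT cert in the wild not in CT:", c.fingerprint, c.names)
```

The first check deliberately ignores the issuer, since a misissued cert can come from any CA the user trusts, not only the one the domain owner chose.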