[HN Gopher] Let's Encrypt Receives the Levchin Prize for Real-Wo... ___________________________________________________________________ Let's Encrypt Receives the Levchin Prize for Real-World Cryptography Author : deaddabe Score : 110 points Date : 2022-04-13 18:34 UTC (4 hours ago) (HTM) web link (letsencrypt.org) (TXT) w3m dump (letsencrypt.org) | bombcar wrote: | The main thing I'm thankful for Let's Encrypt for is breaking the | idea that an SSL-secured website is somehow magically _less | likely_ to be phishing or even anything but claiming it 's the | data from the domain you connected to, without changes. | | Mainly this was propagated by EV cert sellers, but it was all | kinda silly. | lukeschlather wrote: | That idea is unfortunately alive and well. Many organizations | require it, much like they require 90-day password rotation and | other questionable security standards. | recursive wrote: | There are plenty of good reasons to require it. Proving a | trustworthy counter-party for the request is just not one of | them. | gunapologist99 wrote: | Ironic that 90 day certificate rotation makes even less sense | than 90 day password rotation. | tialaramex wrote: | Let's Encrypt's own community forums get posts every day from | people saying, wait, I got scammed/ phished/ whatever on this | site, it has your certificate, shouldn't you shut it down? They | do have a page to link those enquiries to, explaining the | policy (and indeed they even have standard _legal briefs_ | because periodically lawyers get the same idea and a court has | to be told why that 's wrong). | | It would be interesting to know if, say, US citizens write to | the Department of State saying hey, revoke this guy's passport, | I heard he ripped off somebody on Craig's List... | achillean wrote: | Use of Lets Encrypt has grown steadily over the years: | | https://trends.shodan.io/search?query=ssl%3A%22Let+s+Encrypt... | | Its use is also growing in mail servers so it's not limited to | HTTPS: | | https://trends.shodan.io/search?query=ssl%3A%22Let+s+Encrypt... | nonrandomstring wrote: | "Let's Encrypt is currently used by more than 280 million | websites, issuing between two and three million certificates per | day. I often think about how we got here, looking for some nugget | of wisdom that might be useful to others." | | I guess it's keep trying. Keep patiently explaining, educating | and building. | | I remember people saying "You'll never be able to topple the | certs racket" - and here we are... in a age where every day I | read about how we'll 'never' be able to break the big-tech | stranglehold and build a distributed network owned by the people, | 'never' have privacy and real end-to-end encryption because | 'nobody cares', 'never' have practical p2p digital currencies of | our own, and where we'll never have open, verifiable hardware. | Keep believing. ___________________________________________________________________ (page generated 2022-04-13 23:01 UTC)