GuB-42 6 hours ago

Another one that worries me is Let's Encrypt. It is not as bad as Cloudflare or AWS because certificates will not expire the instant there is an outage, but consider that:

- It serves about 2/3 of all websites
- TLS is becoming more and more critical over time. If certificates fail, the web may as well be down
- Certificate lifetimes are becoming shorter and shorter, now 90 days, but Let's Encrypt is now considering 6 days, with 47 days being planned as a minimum
- An outage is one thing, but should a compromise happen, that would be even more catastrophic

Let's Encrypt is a good guy now, but remember that Google used to be a good guy in the 2000s too!
phasmantistes 3 hours ago

(Disclaimer: I am tech lead of Let's Encrypt software engineering) I'm also concerned about LE being a single point of failure for the internet! I really wish there were other free and open CAs out there. Our goal is to encrypt the web, not to perpetuate ourselves.

That said, I'm not sure the line of reasoning here really holds up? There's a big difference between this three-hour outage and the multi-day outage that would be necessary to prevent certificate renewal, even with 6-day certs. And there's an even bigger difference between this sort of network disruption and the kind of compromise that would be necessary to take LE out permanently. So while yes, I share your fear about the internet-wide impact of total Let's Encrypt collapse, I don't think that these situations are particularly analogous.
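The renewal-window arithmetic behind the comment above, worked through as an added example (not code from the thread, from Let's Encrypt, or from any ACME client). It models an ACME client that wakes on a fixed schedule and renews once remaining validity drops below a threshold, then computes the longest CA outage a site survives before its certificate actually expires. The policy numbers are assumptions: certbot's documented defaults (twice-daily timer, renew with 30 days left) for a 90-day certificate, and a renew-at-two-thirds-of-lifetime rule for a hypothetical 6-day certificate. Retries between wakes, issuance latency, and deploy time are deliberately ignored, which makes the results slightly optimistic.

```python
"""Added example: how long a CA outage can last before a certificate expires,
under a simple ACME client renewal model.

Assumptions (not from the thread or from Let's Encrypt):
  - the client wakes every `check_interval_hours` (certbot's systemd timer fires twice a day);
  - on a wake it renews if remaining validity <= `renew_when_remaining_hours`
    (certbot default: 30 days; for the 6-day case we assume renewal at two thirds of lifetime);
  - renewal succeeds instantly when the CA is reachable and fails otherwise, with no retry
    until the next scheduled wake.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class RenewalPolicy:
    lifetime_hours: int
    check_interval_hours: int
    renew_when_remaining_hours: int


def eligible_wakes(policy: RenewalPolicy) -> list[int]:
    """Hours (since issuance at t=0) at which the client wakes AND is willing to renew."""
    threshold = policy.lifetime_hours - policy.renew_when_remaining_hours
    return [w for w in range(0, policy.lifetime_hours, policy.check_interval_hours) if w >= threshold]


def survives_outage(policy: RenewalPolicy, outage_start: int, outage_hours: int) -> bool:
    """True if at least one renewal attempt lands outside the CA outage window
    [outage_start, outage_start + outage_hours), i.e. the cert is renewed before expiry."""
    return any(not (outage_start <= w < outage_start + outage_hours) for w in eligible_wakes(policy))


def max_tolerable_outage_hours(policy: RenewalPolicy) -> int:
    """Longest outage the site survives no matter which hour it begins.

    An outage only causes expiry if it swallows every eligible attempt, so the worst case
    starts exactly at the first attempt and must persist until the last one has also failed.
    """
    attempts = eligible_wakes(policy)
    if not attempts:
        return 0  # client never gets a chance to renew before expiry: misconfigured policy
    first, last = attempts[0], attempts[-1]
    tolerable = last - first
    # Cross-check the closed form against the simulation for the worst-case start.
    assert survives_outage(policy, first, tolerable)
    assert not survives_outage(policy, first, tolerable + 1)
    return tolerable


# Constructed scenarios (assumed policies, see module docstring).
CERTBOT_90_DAY = RenewalPolicy(lifetime_hours=90 * 24, check_interval_hours=12, renew_when_remaining_hours=30 * 24)
SHORT_6_DAY_TWICE_DAILY = RenewalPolicy(lifetime_hours=6 * 24, check_interval_hours=12, renew_when_remaining_hours=48)
SHORT_6_DAY_HOURLY = RenewalPolicy(lifetime_hours=6 * 24, check_interval_hours=1, renew_when_remaining_hours=48)

SCENARIOS = {
    "90-day cert, certbot defaults": CERTBOT_90_DAY,
    "6-day cert, twice-daily timer": SHORT_6_DAY_TWICE_DAILY,
    "6-day cert, hourly timer": SHORT_6_DAY_HOURLY,
}


def report(outage_hours: int = 3) -> dict[str, bool]:
    """For each scenario, print the outage budget and return whether `outage_hours` is survivable."""
    result = {}
    for name, policy in SCENARIOS.items():
        budget = max_tolerable_outage_hours(policy)
        ok = outage_hours <= budget
        result[name] = ok
        print(f"{name}: tolerates up to {budget} h ({budget / 24:.1f} days); "
              f"{outage_hours} h outage -> {'renews in time' if ok else 'EXPIRES'}")
    return result


if __name__ == "__main__":
    report(3)
```

The point the numbers make: under these assumptions a 90-day certificate with certbot's defaults rides out roughly 29.5 days of CA unavailability, and a 6-day certificate still rides out 1.5 to 2 days, so a three-hour outage never comes close to expiring anything. What the shorter lifetime does punish is a coarse renewal schedule: moving from an hourly to a twice-daily timer costs the 6-day cert eleven of its 47 hours of slack, which is why short-lived certificates need clients that renew promptly and retry, not just a daily cron job.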
seniorThrowaway 6 hours ago

Agree, I've thought about this one too. The history of SSL/TLS certs is pretty hacky anyway in my opinion. The main problem they are solving really should have been solved at the network layer with ubiquitous IPsec and key distribution via DNS, since most users just blindly trust whatever root CAs ship with their browser or OS, and the ecosystem has been full of implementation and operational issues. Let's Encrypt is great at making the existing system less painful, and there are a few alternatives like ZeroSSL, but all of this automation is basically a pile of workarounds on top of a fundamentally inappropriate design.
b00ty4breakfast 5 hours ago

Google was always a for-profit operation. Let's Encrypt/ISRG could still go rotten, but there are fewer incentives for them to do so as a non-profit.