| ▲ | walrus01 11 hours ago | ||||||||||||||||||||||
Considering the open source nature of Letsencrypt, I wonder what the barriers/costs would be (theoretically) to a wealthy benefactor who wanted to duplicate its server side infrastructure and a core staffing level of persons, and fund a "parallel" equally trusted, alternative entity with a solid governing board. Same general idea how Acton funded the Signal foundation. Somewhere that none of the physical infrastructure/hosting environment overlapped with existing Letsencrypt stuff so that the failure of one entity would have zero blast radius affecting the other. I know there's a long and complicated process to go through to become a trusted root CA and get your CA public cert auto-installed in every OS and browser trust store. Indeed in the early days of letsencrypt I recall their root CA certs were signed by other older root CAs. | |||||||||||||||||||||||
| ▲ | dochtman 11 hours ago | parent | next [-] | ||||||||||||||||||||||
A lot of Let’s Encrypt is not the software but a bunch of auditing and process that ensure compliance and make it legible to the required auditors. | |||||||||||||||||||||||
| |||||||||||||||||||||||
| ▲ | computer23 11 hours ago | parent | prev | next [-] | ||||||||||||||||||||||
Google has their own free ACME endpoint: https://pki.goog/ | |||||||||||||||||||||||
| |||||||||||||||||||||||
| ▲ | JCTheDenthog 11 hours ago | parent | prev [-] | ||||||||||||||||||||||
[dead] | |||||||||||||||||||||||