Comment by YPPH
3 years ago
Running your own PKI is fairly straightforward, particularly with tools like cfssl at your disposal.
But running your own PKI properly is quite hard.
Let's Encrypt gives you top tier PKI management for $0.
How do you define "properly"? What are some of the things someone can do wrong that Let's Encrypt does correctly?
Root certificate stored on offline HSM and intermediates on secure infrastructure. FIPS compliance. (Relatively) reliable revocation services. [See note 0]
The result is security of issuance, that is near complete confidence that certificates will only be used for controlled domains (not necessary if you want to MITM of course).
Also, ACME is generally easier and more reliable than other certificate rollover processes I've seen. I'm not sure if there are in-house PKI tools supporting it?
Depends on your organisation size though. Maybe your in-house PKI is fine, but it's not for everyone!
[Note 0] Revocation is of course a mess. Let's Encrypt isn't without fault either, particularly when used internally, since OCSP responders will need to be accessible from client devices.
I mean sure, but an org doesn't really need that much security. If you're not taking that much care with your API keys and db passwords then you probably don't need it for certs either. Keep your root CA offline and in an air-gapped backup, issue team-specific intermediates with medium-length validity, and keep your endpoint certs short.
You need as much security on your CA as the accounts in your org with the authority to replace them with your provisioning tools.
1 reply →
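The hierarchy the comment above describes (offline root, team-specific intermediates of medium validity, short endpoint certs), together with the reply's point that the CA must be protected at least as well as whatever can replace certificates, as an added example that is not from this thread and not from any project mentioned in it. It builds the three tiers with Go's standard crypto/x509 and then validates a leaf the way a client would, at a chosen point in time. The names (Example Internal Root, Team Payments CA, .payments.internal, api.payments.internal, db.billing.internal) and the 10-year/2-year/7-day lifetimes are assumed for illustration. It goes one step beyond the comment: the team intermediate is also name-constrained, so a leaked team key can still mint a certificate for another team's hostname, but no relying party that validates the path will accept it.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// TeamCA is the online, name-constrained intermediate a team would run:
// it may only sign end-entity certs, and only for names under its zone.
type TeamCA struct {
	Cert *x509.Certificate
	key  *ecdsa.PrivateKey
}

func sign(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// BuildPKI creates a self-signed root (10 years, pathlen 1) and a team
// intermediate (2 years, pathlen 0, constrained to .payments.internal).
// The root key goes out of scope on return: nothing after this needs it,
// which is the property an offline root is meant to have.
func BuildPKI(now time.Time) (*x509.Certificate, *TeamCA, error) {
	rootKey, err := ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	rootTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Internal Root"}, // hypothetical name
		NotBefore:             now,
		NotAfter:              now.AddDate(10, 0, 0),
		IsCA:                  true,
		BasicConstraintsValid: true,
		MaxPathLen:            1, // root -> intermediate -> leaf, nothing deeper
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	root, err := sign(rootTmpl, rootTmpl, &rootKey.PublicKey, rootKey)
	if err != nil {
		return nil, nil, err
	}
	teamKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	teamTmpl := &x509.Certificate{
		SerialNumber:                big.NewInt(2),
		Subject:                     pkix.Name{CommonName: "Team Payments CA"}, // hypothetical name
		NotBefore:                   now,
		NotAfter:                    now.AddDate(2, 0, 0),
		IsCA:                        true,
		BasicConstraintsValid:       true,
		MaxPathLen:                  0,
		MaxPathLenZero:              true, // end-entity certs only, no sub-CAs
		KeyUsage:                    x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
		PermittedDNSDomainsCritical: true,
		PermittedDNSDomains:         []string{".payments.internal"}, // hypothetical zone
	}
	teamCert, err := sign(teamTmpl, root, &teamKey.PublicKey, rootKey)
	if err != nil {
		return nil, nil, err
	}
	return root, &TeamCA{Cert: teamCert, key: teamKey}, nil
}

// IssueLeaf mints a 7-day server cert. It deliberately does not check the name
// against the constraint: a stolen team key can sign anything, and it is the
// relying party's path validation that refuses the result.
func (t *TeamCA) IssueLeaf(dnsName string, now time.Time) (*x509.Certificate, error) {
	leafKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: serial,
		Subject:      pkix.Name{CommonName: dnsName},
		DNSNames:     []string{dnsName},
		NotBefore:    now,
		NotAfter:     now.Add(7 * 24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	return sign(tmpl, t.Cert, &leafKey.PublicKey, t.key)
}

// VerifyLeaf does what a client does: trust only root, treat the team CA as an
// untrusted intermediate, and evaluate validity and name constraints at `at`.
func VerifyLeaf(root, team, leaf *x509.Certificate, dnsName string, at time.Time) error {
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	inters.AddCert(team)
	_, err := leaf.Verify(x509.VerifyOptions{
		Roots: roots, Intermediates: inters, DNSName: dnsName, CurrentTime: at,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	})
	return err
}

func main() {
	now := time.Now()
	root, team, err := BuildPKI(now)
	if err != nil {
		panic(err)
	}
	good, _ := team.IssueLeaf("api.payments.internal", now)
	rogue, _ := team.IssueLeaf("db.billing.internal", now) // other team's name, signed by a "stolen" key
	fmt.Println("in zone, day 1:  ", VerifyLeaf(root, team.Cert, good, "api.payments.internal", now.Add(time.Hour)))
	fmt.Println("in zone, day 8:  ", VerifyLeaf(root, team.Cert, good, "api.payments.internal", now.AddDate(0, 0, 8)))
	fmt.Println("out of zone:     ", VerifyLeaf(root, team.Cert, rogue, "db.billing.internal", now.Add(time.Hour)))
}
```

The first check passes; the second fails because the 7-day leaf has expired even though both CAs are still valid; the third fails because the intermediate's critical name constraint excludes `db.billing.internal`. That last case is the concrete form of the reply's point: the team CA key still needs protecting, but a constrained intermediate bounds what its compromise can be used for, and a short leaf lifetime bounds how long a mis-issued cert stays usable without relying on revocation.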
A business case for Let's Encrypt is to support internal hosts which are not visible on the internet (Let's Encrypt can check that) and omit the hostnames from the Certificate Transparency Logs.
Let a business pay $100/year for 10 internal hostnames.
I'm fairly certain LE is required to emit signed certificates to CT by the CA/B forum baseline requirements, with no "internal only" exception.
In other words, if they do this they will be untrusted in browsers. They could offer this service on a secondary untrusted root if they wanted.
They could augment the CT spec, such that only a hash of the domain needs to be made public.
Would be a great way to fund LE :)
> Let's Encrypt gives you top tier PKI management for $0.
Ok, but it fails at one of the requirements.