Comment by iso1631

2 days ago

Let's Encrypt do not control the US president.

You could argue that The Don in charge of the US is in control of letsencrypt

> You could argue that The Don in charge of the US is in control of letsencrypt

He's not in control of letsencrypt or any other US-based CA.

It may not be well known, but Trump's administration loses about 80% of the time when they've been sued by companies, cities and states.

There's much more risk of state-sponsored cyber attacks against US companies.

Yeah, it's a bit far-fetched, but after the Cloudflare CEO basically threatening to cut off Italy I was wondering what would happen if the US really invades Greenland.

A simple Windows to Linux migration is not enough. If certificates expire without a way to refresh, you'd either need to manually touch every machine to swap root certificates or have some other contingency plan.

  • Remember that there are lots of CAs, and quite many of them are based outside of the US. Those CAs currently do not offer ACME services for free, but there’s nothing stopping them from doing so.

    I would say that the WebPKI system seems to be quite resilient, even in the face of strong geopolitical tension.

  • Windows (and Apple, Google, Mozilla) trust dozens of root certificates. I've got 148 pems in my /etc/ssl/certs directory on my laptop. 59 are from the US and thus 89 aren't. 10 are from China, 9 Germany, 7 UK. Others are India, Japan, Korea etc.

    The far bigger problem is the American government forcing Microsoft/Apple/Google to push out a Windows/iPhone|Mac/Android|Chrome update which removes all CAs not approved by the American government.

    Canonical/SUSE may be immune to such overt pressure, but once you get to that point you're way past the end of the international internet and it doesn't really matter anyway.
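
The per-country count of trusted roots mentioned in the thread can be reproduced on your own machine. The script below is an added example, not part of any comment: it walks each certificate's DER structure and tallies distinct certificates by the country (C=) in the subject name. It assumes the `/etc/ssl/certs/*.pem` layout the commenter refers to, and the subject country is only a rough proxy for the CA's jurisdiction.

```python
import base64, collections, pathlib, re

PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)
OID_COUNTRY = bytes.fromhex("550406")  # 2.5.4.6 countryName

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def children(buf, start, end):
    """Yield the elements packed back to back inside buf[start:end]."""
    while start < end:
        tag, vs, ve = read_tlv(buf, start)
        yield tag, vs, ve
        start = ve

def subject_country(der):
    """Country (C=) in the certificate subject, or None if absent."""
    _, cs, _ = read_tlv(der, 0)                  # Certificate
    _, ts, te = read_tlv(der, cs)                # TBSCertificate
    fields = list(children(der, ts, te))
    if fields[0][0] == 0xA0:                     # optional [0] version
        fields.pop(0)
    _, ss, se = fields[4]                        # serial, sigalg, issuer, validity, subject
    for _, r0, r1 in children(der, ss, se):      # each RDN (SET)
        for _, a0, a1 in children(der, r0, r1):  # each AttributeTypeAndValue
            (_, o0, o1), (_, v0, v1) = list(children(der, a0, a1))[:2]
            if der[o0:o1] == OID_COUNTRY:
                return der[v0:v1].decode("ascii", "replace").upper()
    return None

def tally(pem_blobs):
    """Count distinct certificates per subject country across PEM inputs."""
    counts, seen = collections.Counter(), set()
    for blob in pem_blobs:
        for m in PEM_RE.finditer(blob):
            der = base64.b64decode(m.group(1))
            if der not in seen:                  # bundles and symlinks repeat roots
                seen.add(der)
                counts[subject_country(der) or "??"] += 1
    return counts

if __name__ == "__main__":
    store = pathlib.Path("/etc/ssl/certs")       # assumed path, as named in the thread
    blobs = [p.read_bytes() for p in store.glob("*.pem") if p.is_file()]
    for country, n in tally(blobs).most_common():
        print(f"{n:4d}  {country}")
```

Certificates with no country attribute in the subject are counted under `??`.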