Comment by bawolff
6 hours ago
> But there is no money in making that a solution and a TON of money in selling you BS HTTPS certs
Ah yes, because lets encrypt is rolling in the $$$$.
6 hours ago
> But there is no money in making that a solution and a TON of money in selling you BS HTTPS certs
Ah yes, because lets encrypt is rolling in the $$$$.
Mark Shuttleworth paid for his ride to the space station by selling HTTPS certs.
The sad thing is that Mozilla and others have to spend millions bankrolling Let's Encrypt instead of using the free, high assurance PKI that is native to the internet!
It's not really free, though. Rather, the costs are distributed rather than centralized, but running DNSSEC and keeping it working incurs new operational costs for the domain holders, who need to manage keys and DNSSEC signing, etc. And of course there are additional marginal costs to the registrars of managing customer DNSSEC, both building automation and providing customer service when it fails.
It's of course possible that the total numbers are lower than the costs of the WebPKI -- I haven't run them -- but I don't think free is the right word.
I mean, I guess the costs are paid for by the domain name fee. But at least it doesn't have to be a charitable activity covered by non-profits. The early HTTPS certs were especially worthless and price-gouging.
5 replies →
Yes, the whole point of LetsEncrypt was to prevent that from happening again, and it now dominates the market.