
Everyone interested in conspiracy, please read the comments over here: https://www.schneier.com/blog/archives/2014/11/a_new_free_ca... when Bruce Schneier wrote about Let's Encrypt.


That's very overblown. Any CA in any place on the globe is in danger of being taken by the balls by some shady state agency. That's the CA problem.

Doing this at huge scale is not possible, though, without people noticing. Also, one can pin certificates in some situations. Let's Encrypt makes it easy for us people to put an end to mass surveillance.


Unless I'm mistaken they're also fundamentally misunderstanding SSL/TLS.

As far as I can tell, LE never sees your private keys. A Certificate Authority signs your public key, so no, the NSA can't coerce LE to give up your private key because LE never sees it to begin with. Could the NSA coerce LE into signing one of the NSA's public keys under your Common Name (that is, coerce them into issuing rogue certificates for "national security" use)? Certainly, but they could do this before, with any already existing CA.
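The issuance flow the comment above describes, as an added Go example (not part of the thread and not Let's Encrypt's code): the subscriber keeps the private key and sends only a CSR, and the CA signs the public key it finds there. The function names, the name `example.test` and the throwaway "Demo CA" are assumptions made for the illustration.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// subscriberCSR runs on the site operator's host; only the DER bytes go to the CA.
func subscriberCSR(name string) (*ecdsa.PrivateKey, []byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	req := &x509.CertificateRequest{Subject: pkix.Name{CommonName: name}, DNSNames: []string{name}}
	der, err := x509.CreateCertificateRequest(rand.Reader, req, key)
	return key, der, err
}

// caIssue is the CA side (hypothetical demo CA): the CSR is its only input from the subscriber.
func caIssue(csrDER []byte, caKey *ecdsa.PrivateKey) ([]byte, error) {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil {
		return nil, err
	}
	if err := csr.CheckSignature(); err != nil { // requester proves it holds the private key
		return nil, err
	}
	ca := &x509.Certificate{Subject: pkix.Name{CommonName: "Demo CA (constructed)"}}
	leaf := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: csr.Subject, DNSNames: csr.DNSNames,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour)}
	return x509.CreateCertificate(rand.Reader, leaf, ca, csr.PublicKey, caKey)
}

func main() {
	key, csrDER, err := subscriberCSR("example.test") // constructed name
	caKey, err2 := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil || err2 != nil {
		panic("key generation failed")
	}
	certDER, err := caIssue(csrDER, caKey)
	fmt.Println("cert bytes:", len(certDER), "err:", err, "private scalar in CSR:", bytes.Contains(csrDER, key.D.Bytes()))
}
```

A certificate issued for the same name to a different key carries a different public key, which is the difference certificate pinning compares against.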



