Hacker News

Ok, so this is an official split of "WebPKI" and "everything else PKI" then?

Last time I checked, Let's Encrypt was saying they provide free TLS certs, not free WebPKI certs. When did that change?



You are being pedantic but also pedantically incorrect.

Let's Encrypt provides value by providing signed TLS certs that are enrolled in webPKI (i.e. trusted by browsers).

If they just provided a (not necessarily trusted) TLS cert, like what anyone can generate from the command line, nobody would use them.


Let's Encrypt also provides value by providing signed TLS certificates that are enrolled in all major operating systems, and that can be used to authenticate any TLS server.

This is a significant and important use case that's totally ignored by the "WebPKI" proponents, and there is no alternative infrastructure that would provide that value if WebPKI would e.g. decide to add certificate constraints limiting issued certificates to TCP/433.


That's being overly pedantic. PKIs for different purposes have been separate for a while, if not from the start. LE is still giving you a "TLS cert".



