Let's Encrypt and Other Certificate Authorities (CAs) Are Not About Security and Privacy
"Encrypt" like "crypto" 'coins', i.e. a misnomer or misdirection
YESTERDAY we said that Peter Eckersley's site being back online was interesting because he's the father of Let's Encrypt and, as Daniel Pocock put it a day earlier: "After securing Peter's domain, I immediately wanted to run certbot from Peter's Let's Encrypt project and obtain a certificate. Should it really be this easy to obtain a certificate for a domain previously owned by somebody else? Make of that what you will."
It should be noted that meanwhile, or yesterday to be precise, Geminispace has divested some more. Even less of Let's Encrypt now (!): 38 capsules left.
Pocock believes it should not be easy to get "certificate for a domain previously owned by somebody else", but maybe that's a misconception because Certificate Authorities (CAs) aren't meant for real security, real authenticity, or real privacy (in practice, CAs worsen privacy because a third party will collect access data even outside one's own country). CAs are just another example of clown bullcrap disguised as sage advice on security - like dropouts who pretend to master security and instead outsource our boot to Microsoft - a company so bad at security that its own government blasts it for it.
Anyway, as a side story about the Pocock adventure, he told me of an urgent situation some days before the site went live again (Peter Eckersley and Pocock have known each other for decades; they're no foes). Pocock thought "shit [had] hit the fan" because of something happening at ISNIC - Internet á Íslandi hf. "It is already 6:15am on 2 September in Melbourne, the anniversary of Peter's death," he said. "I resurrected Peter's domain name and web site in June. I was planning to announce it today. Somebody maliciously put the domain on hold just before the weekend. "This domain is on hold" and "Last change" is 29 August..."
"I received no communication from the host or registry about this."
He later said: "It looks like this may have been an unlucky coincidence. ISNIC apparently tightened their criteria for nameservers without telling anyone. https://pde.is appears to be online again. I'm still going to publish something about it. Nonetheless, given that it was brought back quickly, I want to avoid jumping to conclusions."
Here are his existing blog posts about Peter, who site he has revived. It looks like some time very soon his public talk will be available online. Still waiting for new uploads to progress in this page (ClueCon 2024 uploads started less than a day ago). █
