Bonum Certa Men Certa

Daniel Pocock Brought Back the Site of Let's Encrypt's Founder and Proved That Let's Encrypt Does Not Verify Authenticity

posted by Roy Schestowitz on Sep 03, 2024

[Image: Let's Encrypt warning]

[Image: Peter Eckersley]

Let's Encrypt (part of Linux Foundation, hostage of GAFAM) and other prominent CAs may say it's "cheap" or "free" to get a 'valid' certificate (well, valid as in "OK" from their own subjective point of view, until they change their minds). There's something dangerous about this cartel or cabal of so-called "trust" (chain thereof). It is like Mastodon's secret blacklists for "the Fediverse", which constitute authoritarian groupthink. Does a site with a "certificate" or some bytes from Let's Encrypt signal that it's safe? That it is authentic? No. Issuance checks only that the requester controls the domain name at that moment, so any malicious site, even a site that serves malware, can get a certificate from Let's Encrypt.

So what does that even accomplish or signal? Is that any more about security than "secure" boot is? It's good at locking people out of their own PC, even when nothing is wrong with the PC (or server [1, 2]).

Now that Peter Eckersley's site is back online it's a good time to revisit his "child", Let's Encrypt, which is slipping away in Geminispace. 2 days ago only 42 capsules were known to be using Let's Encrypt, yesterday it was down to 41, and today:

2562 (89.6 %) capsules are self-signed, 40 (1.4 %) use the Certificate Authority Let's Encrypt, 256 (9.0 %) are signed by another CA (may be not a trusted one).

So... yes... it's down to 40 now. Top capsules in Lupa:

[Image: Gemini top capsules, Sept 2024]

techrights.org served 21,602 Gemini requests yesterday. It used its own self-signed certificate. Because in Gemini the client software does not scream and shout if one doesn't outsource. Gemini Protocol isn't made by a bunch of clowns.

Outsourcing trust is simply not security, and barely even authenticity. As Daniel Pocock put it yesterday: "After securing Peter's domain, I immediately wanted to run certbot from Peter's Let's Encrypt project and obtain a certificate. Should it really be this easy to obtain a certificate for a domain previously owned by somebody else? Make of that what you will."
