Bonum Certa Men Certa

Let's Encrypt and Other Certificate Authorities (CAs) Are Not About Security and Privacy

posted by Roy Schestowitz on Sep 04, 2024

"Encrypt" like "crypto" 'coins', i.e. a misnomer or misdirection

Peter Eckersley's homepage

YESTERDAY we said that Peter Eckersley's site being back online was interesting because he's the father of Let's Encrypt and, as Daniel Pocock put it a day earlier: "After securing Peter's domain, I immediately wanted to run certbot from Peter's Let's Encrypt project and obtain a certificate. Should it really be this easy to obtain a certificate for a domain previously owned by somebody else? Make of that what you will."

It should be noted that meanwhile, or yesterday to be precise, Geminispace has divested some more. Even less of Let's Encrypt now (!): 38 capsules left.

2563 (89.6 %) capsules are self-signed, 38 (1.3 %) use the Certificate Authority Let's Encrypt, 258 (9.0 %) are signed by another CA (may be not a trusted one).

Pocock believes it should not be easy to get "certificate for a domain previously owned by somebody else", but maybe that's a misconception because Certificate Authorities (CAs) aren't meant for real security, real authenticity, or real privacy (in practice, CAs worsen privacy because a third party will collect access data even outside one's own country). CAs are just another example of clown bullcrap disguised as sage advice on security - like dropouts who pretend to master security and instead outsource our boot to Microsoft - a company so bad at security that its own government blasts it for it.

Anyway, as a side story about the Pocock adventure, he told me of an urgent situation some days before the site went live again (Peter Eckersley and Pocock have known each other for decades; they're no foes). Pocock thought "shit [had] hit the fan" because of something happening at ISNIC - Internet á Íslandi hf. "It is already 6:15am on 2 September in Melbourne, the anniversary of Peter's death," he said. "I resurrected Peter's domain name and web site in June. I was planning to announce it today. Somebody maliciously put the domain on hold just before the weekend. "This domain is on hold" and "Last change" is 29 August..."

"I received no communication from the host or registry about this."

He later said: "It looks like this may have been an unlucky coincidence. ISNIC apparently tightened their criteria for nameservers without telling anyone. https://pde.is appears to be online again. I'm still going to publish something about it. Nonetheless, given that it was brought back quickly, I want to avoid jumping to conclusions."

Here are his existing blog posts about Peter, who site he has revived. It looks like some time very soon his public talk will be available online. Still waiting for new uploads to progress in this page (ClueCon 2024 uploads started less than a day ago).

FreeSWITCH

Other Recent Techrights' Posts

Speaking Truth to Power (More Effectively)
Behind every 'tech' giant there's some dark secret and they already seek to demonise/discredit critics/exposers
 
[Meme] EPO Suckers
The EPO's president refers to himself as "the f**king president" (maybe he knows why)
Central Staff Committee on EPO Bribing Its Critics, Using a "Sharp and Abrupt Reduction, Estimated at 80% to 90%, in the Number of Refusals and Summons for Oral Proceedings in Areas Related to Software Patents"
silence would be a form of enhanced complicity, in effect endorsing both bribes and violation of the EPC
Links 20/09/2024: Qualcomm Layoffs, Interest Rates Fall
Links for the day
Gemini Links 20/09/2024: 3K Run and Lagrange 1.18
Links for the day
Spam of the Day (Yes, Brittany Day Again)
They leverage LLMs for SEO purposes
Links 20/09/2024: Chinese Botnet Dismantled, More EU Shake-ups
Links for the day
Links 20/09/2024: European Commission on Microsoft Competition Abuses, More Revelations About Mass Layoffs at IBM and Microsoft
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, September 19, 2024
IRC logs for Thursday, September 19, 2024
Links 19/09/2024: UPC Illegal 'Court' and Microsoft LinkedIn Called Out for Data Misuse
Links for the day
Gemini Links 19/09/2024: Invidious Problems and Install Times
Links for the day
Links 19/09/2024: Scam ‘Funeral Streaming’ and More Microsoft TCO Tales
Links for the day
In Sweden, GNU/Linux Almost 20% of the Laptop/Desktop Market, Firefox Falls to 2%
In the US, once a browser falls below 2%, many critical sites can legally ignore it (or its users' needs) altogether
When Microsoft Pays a Lot of Money to Reddit, 'Linux' Foundation, and Countless Other Entities
As does Google
A CoC Will Destroy Your Free Software Community and Help Imposers of CoC (Like Microsoft)
Abusers like to disguise censorship (of their abuse) as "manners" or good "conduct"
IBM Likely Breaking Several Laws With Latest 'Secret' Mass Layoffs
Never sign an NDA
Gemini Links 19/09/2024: Emacs Wiki and China, IRC Chatting
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, September 18, 2024
IRC logs for Wednesday, September 18, 2024
Links 18/09/2024: Web Server Survey Shows Microsoft Down Again, Omkhar Arasaratnam Leaves Microsoft-connected OpenSSF
Links for the day
Links 18/09/2024: Gaming Layoffs and New Openwashing by Linux Foundation
Links for the day
Gemini Links 18/09/2024: Home, Ashram, and Markdoc
Links for the day
Morale at Microsoft Sinking, More Layoffs Expected, Stock Buybacks Blasted
controversial because they should really be illegal
[Meme] Think. Positive. Saturate the Media.
IBM: Layoffs? What layoffs?
The Kubecost Acquisition Does Not Show IBM is Rich, It Shows It Wants to Distract From Mass Layoffs Happening This Week (Thousands Laid Off in the Dark)
So-called "news deserts" have become a national and international phenomenon (not local/regional)
IBM Has Been Lobbying for Software Patents, It's Not the Free Software Community's Ally
The ancient company has been lobbying for these patents for decades already
Over Half a Day Later the Media Still Doesn't Cover Thousands of Layoffs at IBM
Not even a single news site bothered to investigate and report this? Not even one?
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, September 17, 2024
IRC logs for Tuesday, September 17, 2024