:: Re: [DNG] Let's Encrypt (was: snapd…
Top Page
Delete this message
Reply to this message
Author: Steve Litt
Date:  
To: dng
Subject: Re: [DNG] Let's Encrypt (was: snapd in Devuan? Dependency on systemd...)
On Thu, 3 Dec 2020 13:38:47 -0800
Rick Moen <rick@???> wrote:

> Quoting Arnt Karlsen (arnt@???):
>
> > ..meanwhile, I too lean towards Ian's contrarianism:
> > http://michael.orlitzky.com/articles/lets_not_encrypt.xhtml
>
> I couldn't possibly agree more. Let's Encrypt is a Potemkin Village
> approach to the SSL cert problem; it's pretend security that pretends
> as if a broken and unreliable CA infrastructure weren't that.
>
> I continue to self-sign only, and if people want to know why they
> should trust it, I'll say 'Either (a) don't, or (b) verify the hash
> with me via any of a large variety of out-of-band methods, like any
> sensible person.' If they counter that they want an automated lock
> icon on their Web browsers so they are absolved of the need to think,
> I say 'Sounds like a personal problem.'
>
> It makes me sad that this view is deemed 'contrarian'. As a
> sysadmin, I consider it obvious common sense.
>


What about the fact that Google gives higher rankings to secure
accounts? For google togive that higher ranking, does self-signing
suffice for enhanced rankings, or does one have to have a cert signed
by a certification company like Let's Encrypt? This makes a big
difference for business websites.

Thanks,

SteveT

Steve Litt
Autumn 2020 featured book: Thriving in Tough Times
http://www.troubleshooters.com/thrive