Have you gotten your Let's Encrypt certificate yet?

Let's Encrypt offers free signed certificates that will work in major browsers, and will liberate us from the CAfia and the fundamental conflict between having everyone be secure and squeezing money out of the process as a middleman.

Hopefully this is only a stopgap until we move to something more flexible, that would limit the severity of compromises and allow actual delisting of misbehaving CAs instead of a slap on the wrist.

getting it later on today, just watched the CCC talk about it.

Thanks, but I'll stick with double rot13 for now.

Nice but count on it, somebody will ruin it for the rest of us.

Hopefully this is only a stopgap until we move to something more flexible, that would limit the severity of compromises and allow actual delisting of misbehaving CAs instead of a slap on the wrist.

Well from a practical perspective all I'd want is a dozen of this same service, just run by different organizations.

>>4
This is the fundamental flaw of the certificate authority system: adding more CAs can only weaken security. A compromise on any of the hundreds of CAs lets you spoof any site on the internet.

>>5
If you look at it that way, sure.
But trust and risk isn't just subject to chance in the real world. If the authority compromised is in the same jurisdiction as I am I could take legal action more easily and Govt agencies from a different jurisdiction have a harder time getting the authority to act compromised.
Further, you shouldn't attribute risk for any CA to be compromised as a constant. The risk is more closely related to the number of people involved and their motivations. One CA being trusted by more people would require more people to operate. But different CAs operated by a similar number of people total might have motivation to remain trustworthy out of competition, not just because the law.

>>6
You could take legal action, but by then you and countless others have already been mercilessly buttraped by a thousand government officials and slovenian h4ckerz, with no hope of recovery.