Commons-based (independent org funded by EU taxpayer money) Let’s Encrypt compatible ACME certificate provider now, please.
-
RE: https://mstdn.social/@hkrn/116718376973617082
Commons-based (independent org funded by EU taxpayer money) Let’s Encrypt compatible ACME certificate provider now, please.
CC @EUCommission (Unless you want Europe’s online security to be another bargaining chip for Trump et al.)
@aral not commons, and it requires an account, but a free and Italian option for people in the meantime: https://www.actalis.com/subscription
-
RE: https://mstdn.social/@hkrn/116718376973617082
Commons-based (independent org funded by EU taxpayer money) Let’s Encrypt compatible ACME certificate provider now, please.
CC @EUCommission (Unless you want Europe’s online security to be another bargaining chip for Trump et al.)
That’s perfect, with all theses stupids move, the world will be building alternatives.
It’s a good things for everyone (but the US)
-
That’s perfect, with all theses stupids move, the world will be building alternatives.
It’s a good things for everyone (but the US)
@poulet_benoit @aral @EUCommission I still think it's good for everyone if there are more options. It's a tragedy that lets encrypt has to enforce export control on the "enemy" of the hour instead of focusing on their mission of creating a more secure internet for everyone.
-
RE: https://mstdn.social/@hkrn/116718376973617082
Commons-based (independent org funded by EU taxpayer money) Let’s Encrypt compatible ACME certificate provider now, please.
CC @EUCommission (Unless you want Europe’s online security to be another bargaining chip for Trump et al.)
@aral @EUCommission I'm sure someone in Russia can step up to provide certificates usable in places sanctioned by the U$
-
@aral not commons, and it requires an account, but a free and Italian option for people in the meantime: https://www.actalis.com/subscription
-
@aral not commons, and it requires an account, but a free and Italian option for people in the meantime: https://www.actalis.com/subscription
@jonah @aral It's a pity that CAcert.org never succeeded. If I remember correctly I got a reminder email from them a few months ago so I assume they're still out there.
Then there's the confusing story of Zero SSL (which Caddy webserver started to default to I believe) which can be used to get a limited amount of 'free' SSL certificates.
https://blog.hqcodeshop.fi/archives/391-Goodbye-CAcert.org-Welcome-Lets-Encrypt!.html
https://community.letsencrypt.org/t/zero-ssl-who-is-this/243898/3
-
RE: https://mstdn.social/@hkrn/116718376973617082
Commons-based (independent org funded by EU taxpayer money) Let’s Encrypt compatible ACME certificate provider now, please.
CC @EUCommission (Unless you want Europe’s online security to be another bargaining chip for Trump et al.)
@aral Actalis has actually comparable services as Let's Encrypt. But it's not as advances or stable as LE in my opinion.
https://www.actalis.com/activate-free-plan
@EUCommission -
@aral Actalis has actually comparable services as Let's Encrypt. But it's not as advances or stable as LE in my opinion.
https://www.actalis.com/activate-free-plan
@EUCommission@i @EUCommission And, yet again, it’s a commercial enterprise.
-
@aral @EUCommission I'm sure someone in Russia can step up to provide certificates usable in places sanctioned by the U$
@LukefromDC @EUCommission Thanks but no thanks.
-
@i @EUCommission And, yet again, it’s a commercial enterprise.
@aral indeed. But you need orgs like these and other PKI operators to be able to create a CA that can compete with LE.
Let's Encrypt founding sponsors and partners include Cisco and Akamai. They are also sponsored ATM by Google, Microsoft, etc.
@EUCommission -
@aral indeed. But you need orgs like these and other PKI operators to be able to create a CA that can compete with LE.
Let's Encrypt founding sponsors and partners include Cisco and Akamai. They are also sponsored ATM by Google, Microsoft, etc.
@EUCommission@i @EUCommission Right, what I’m saying is that we need to fund not a business but an org for in the common good so it’s free as in freedom not free as the free tier.
-
@LukefromDC @EUCommission Thanks but no thanks.
@aral @EUCommission The point is really that US sanctions are now so widespread as to encourage nations sanctioned by the US to cooperate with oneanother regardless of other factors short of direct war or invasion between one and another.
By blocking use of Lets Encrypt in sanctioned countries, the US is ceding ground to Russia at the expense of countries like Ukraine. They are dreaming if they think people will go back to straight http over this.
-
RE: https://mstdn.social/@hkrn/116718376973617082
Commons-based (independent org funded by EU taxpayer money) Let’s Encrypt compatible ACME certificate provider now, please.
CC @EUCommission (Unless you want Europe’s online security to be another bargaining chip for Trump et al.)
-
RE: https://mstdn.social/@hkrn/116718376973617082
Commons-based (independent org funded by EU taxpayer money) Let’s Encrypt compatible ACME certificate provider now, please.
CC @EUCommission (Unless you want Europe’s online security to be another bargaining chip for Trump et al.)
Basing anything on US policy generally is questionable; basing it on US policy right now is bananabonkers.
If it had said "UN sanctioned" or "EU sanctioned", that would be another matter entirely.
-
@aral Actalis has actually comparable services as Let's Encrypt. But it's not as advances or stable as LE in my opinion.
https://www.actalis.com/activate-free-plan
@EUCommission@i @aral @EUCommission Not really comparable when the free option is limited to a single domain SAN (with optional www variant) and no wildcards. It’s just a loss leader from a commercial CA trying to attract new paying customers.
-
RE: https://mstdn.social/@hkrn/116718376973617082
Commons-based (independent org funded by EU taxpayer money) Let’s Encrypt compatible ACME certificate provider now, please.
CC @EUCommission (Unless you want Europe’s online security to be another bargaining chip for Trump et al.)
@EUCommission By the way, in case you’re wondering, this means that apart from folks in Cuba and Iran not being able to use Let’s Encrypt, neither can the UN Special Rapporteur for Palestine, Francesca Albanese nor the ~11 International Criminal Court judges and other officials that are being persecuted for opposing Israel’s ongoing genocide of the Palestinian people and their efforts to bring the war criminals responsible to justice.
#LetsEncrypt #USA #fascism #israel #genocide #sanctions #EU #sovereignty
-
@aral @EUCommission I'm sure someone in Russia can step up to provide certificates usable in places sanctioned by the U$
@LukefromDC @aral @EUCommission
Nobody even in Russia itself wants to install Russian government controlled CA on their devices. -
@LukefromDC @aral @EUCommission
Nobody even in Russia itself wants to install Russian government controlled CA on their devices.@tiredbun @EUCommission @aral I was more thinking Russian 3ed parties than the government itself unless Putin has banned that.
If there's one thing less safe than encryption with a Russian certificate, it's going back to plain http, which can be read and monitored by ISPs and sometimes even a hostile party on coffeeshop witi.
-
@aral not commons, and it requires an account, but a free and Italian option for people in the meantime: https://www.actalis.com/subscription
@jonah @aral creating a new one is useless in the short term because of the amount of time it takes to get the new CA propagated into all the OS and browser CA trust stores by default (it will take years)
this is something that should have been done many years ago.
but instead how about we just abolish the entire centralized CA system? -
@tiredbun @EUCommission @aral I was more thinking Russian 3ed parties than the government itself unless Putin has banned that.
If there's one thing less safe than encryption with a Russian certificate, it's going back to plain http, which can be read and monitored by ISPs and sometimes even a hostile party on coffeeshop witi.
@LukefromDC @EUCommission @aral
I would generally treat any CA hosted in Russia as potentially controlled by government, due to it being a big and noticeable piece of public infrastructure that requires a lot of trust. (From my understanding, having CA root certificate installed to device or browser means it can potentially do MITM on any site browsed on it, not just ones actually signed by that CA.)
It may be a "third party" but actually a front for a big company with close ties to government (happened with third party telegram client). Other possibility, hardware running it may be seized in a police raid at any moment, to avoid being raided company behind CA would have to answer every polite police request to give any data and potentially to do MITM attacks on their behalf.
Also, Russian government may shut down any company that works with "extremists" and in general whatever is forbidden by law (a lot, and in very vague way), meaning this CA will only be useful only to sqeaky clean sites that avoid politics or ones specifically licking boots of current russian government.
With that, most people in Russia itself (knowledgeable enough about CA) would prefer any foreign one over any local one. Though I guess, for most people not in Russia it may actually be not as bad, depending on their threat model and whether they want to make everyone using their site to have to install a third party root CA certificate that will likely never come preinstalled.
