<![CDATA[Commons-based (independent org funded by EU taxpayer money) Let’s Encrypt compatible ACME certificate provider now, please.]]>RE: https://mstdn.social/@hkrn/116718376973617082

Commons-based (independent org funded by EU taxpayer money) Let’s Encrypt compatible ACME certificate provider now, please.

CC @EUCommission (Unless you want Europe’s online security to be another bargaining chip for Trump et al.)

]]>https://forum.fedi.dk/topic/cacc3e23-c752-4d31-a059-285b40752cf8/commons-based-independent-org-funded-by-eu-taxpayer-money-let-s-encrypt-compatible-acme-certificate-provider-now-please.RSS for NodeFri, 12 Jun 2026 07:53:02 GMTTue, 09 Jun 2026 07:20:57 GMT60<![CDATA[Reply to Commons-based (independent org funded by EU taxpayer money) Let’s Encrypt compatible ACME certificate provider now, please. on Wed, 10 Jun 2026 06:34:32 GMT]]>@LukefromDC @EUCommission @aral

Good point, though to my knowledge, US doesn't do MITMs and police raids on behalf of Russia YET, and US companies in general are at less pressure from US government, so it's more of potential threat than one I could assume is used in practice right now, like with Russian certificates.

That's a whole can of worms with how SSL root of trust is right now, where current default security features like root CAs are potentially worse than self-signed certificates depending on threat model.]]>https://forum.fedi.dk/post/https://akko.wtf/objects/30cfe3ea-8c3b-4e1a-bc57-5a8636c5e2b9https://forum.fedi.dk/post/https://akko.wtf/objects/30cfe3ea-8c3b-4e1a-bc57-5a8636c5e2b9Wed, 10 Jun 2026 06:34:32 GMT<![CDATA[Reply to Commons-based (independent org funded by EU taxpayer money) Let’s Encrypt compatible ACME certificate provider now, please. on Wed, 10 Jun 2026 06:30:39 GMT]]>@feld @aral @jonah Centralization in encryption is itself a risk. Suppose the US government served Lets Encrypt and other keystores with a court order to add government-controlled certificates to allow MITM attacks, plus a gag order?

These are not anarchists, they usually don't burn grand jury subpeonas and destroy data to keep it out of the hands of those who are our enemies but not their enemies.

]]>https://forum.fedi.dk/post/https://kolektiva.social/users/LukefromDC/statuses/116724402723751774https://forum.fedi.dk/post/https://kolektiva.social/users/LukefromDC/statuses/116724402723751774Wed, 10 Jun 2026 06:30:39 GMT<![CDATA[Reply to Commons-based (independent org funded by EU taxpayer money) Let’s Encrypt compatible ACME certificate provider now, please. on Wed, 10 Jun 2026 06:23:36 GMT]]>@tiredbun @EUCommission @aral

In some places a US certificate (or even more so an OS or program) is more dangerous than a Russian or Chinese one on the basis of who the spyware (MITM "certificate" that lets attacker decrypt and resend content) answers to.

For someone in the US government or someone representing Ukranian interests a Russian certificate would be a big problem unless marked untrusted and approved at every use for only the sites needing it, which in turn could not be trusted.

For someone OPPOSING the US government, its a bit more complex given the Trump-Putin relationship. In a 3ed party nation opposed by the US but without a Russian influence operation trying to take over, the US certificate becomes the dangerous one.

Similarily, Russian antiwar activists should not trust anything from the US due to the likelihood of the take from US spyware making its way to Putin via Trump and his minions.

]]>https://forum.fedi.dk/post/https://kolektiva.social/users/LukefromDC/statuses/116724374985015681https://forum.fedi.dk/post/https://kolektiva.social/users/LukefromDC/statuses/116724374985015681Wed, 10 Jun 2026 06:23:36 GMT<![CDATA[Reply to Commons-based (independent org funded by EU taxpayer money) Let’s Encrypt compatible ACME certificate provider now, please. on Wed, 10 Jun 2026 06:02:18 GMT]]>@LukefromDC @EUCommission @aral

I would generally treat any CA hosted in Russia as potentially controlled by government, due to it being a big and noticeable piece of public infrastructure that requires a lot of trust. (From my understanding, having CA root certificate installed to device or browser means it can potentially do MITM on any site browsed on it, not just ones actually signed by that CA.)

It may be a "third party" but actually a front for a big company with close ties to government (happened with third party telegram client). Other possibility, hardware running it may be seized in a police raid at any moment, to avoid being raided company behind CA would have to answer every polite police request to give any data and potentially to do MITM attacks on their behalf.

Also, Russian government may shut down any company that works with "extremists" and in general whatever is forbidden by law (a lot, and in very vague way), meaning this CA will only be useful only to sqeaky clean sites that avoid politics or ones specifically licking boots of current russian government.

With that, most people in Russia itself (knowledgeable enough about CA) would prefer any foreign one over any local one. Though I guess, for most people not in Russia it may actually be not as bad, depending on their threat model and whether they want to make everyone using their site to have to install a third party root CA certificate that will likely never come preinstalled.]]>https://forum.fedi.dk/post/https://akko.wtf/objects/c6c48e45-5d07-4911-92d5-0e639fb6e228https://forum.fedi.dk/post/https://akko.wtf/objects/c6c48e45-5d07-4911-92d5-0e639fb6e228Wed, 10 Jun 2026 06:02:18 GMT<![CDATA[Reply to Commons-based (independent org funded by EU taxpayer money) Let’s Encrypt compatible ACME certificate provider now, please. on Tue, 09 Jun 2026 20:18:14 GMT]]>@jonah @aral creating a new one is useless in the short term because of the amount of time it takes to get the new CA propagated into all the OS and browser CA trust stores by default (it will take years)

this is something that should have been done many years ago.

but instead how about we just abolish the entire centralized CA system?]]>https://forum.fedi.dk/post/https://friedcheese.us/objects/44ea0cfe-65c4-4223-a144-e6ed74555eedhttps://forum.fedi.dk/post/https://friedcheese.us/objects/44ea0cfe-65c4-4223-a144-e6ed74555eedTue, 09 Jun 2026 20:18:14 GMT<![CDATA[Reply to Commons-based (independent org funded by EU taxpayer money) Let’s Encrypt compatible ACME certificate provider now, please. on Tue, 09 Jun 2026 19:58:12 GMT]]>@tiredbun @EUCommission @aral I was more thinking Russian 3ed parties than the government itself unless Putin has banned that.

If there's one thing less safe than encryption with a Russian certificate, it's going back to plain http, which can be read and monitored by ISPs and sometimes even a hostile party on coffeeshop witi.

]]>https://forum.fedi.dk/post/https://kolektiva.social/users/LukefromDC/statuses/116721915797164954https://forum.fedi.dk/post/https://kolektiva.social/users/LukefromDC/statuses/116721915797164954Tue, 09 Jun 2026 19:58:12 GMT<![CDATA[Reply to Commons-based (independent org funded by EU taxpayer money) Let’s Encrypt compatible ACME certificate provider now, please. on Tue, 09 Jun 2026 19:55:46 GMT]]>@LukefromDC @aral @EUCommission

Nobody even in Russia itself wants to install Russian government controlled CA on their devices.]]>https://forum.fedi.dk/post/https://akko.wtf/objects/5cbae4cf-9906-490d-95ec-314516fd528chttps://forum.fedi.dk/post/https://akko.wtf/objects/5cbae4cf-9906-490d-95ec-314516fd528cTue, 09 Jun 2026 19:55:46 GMT<![CDATA[Reply to Commons-based (independent org funded by EU taxpayer money) Let’s Encrypt compatible ACME certificate provider now, please. on Tue, 09 Jun 2026 19:44:31 GMT]]>@EUCommission By the way, in case you’re wondering, this means that apart from folks in Cuba and Iran not being able to use Let’s Encrypt, neither can the UN Special Rapporteur for Palestine, Francesca Albanese nor the ~11 International Criminal Court judges and other officials that are being persecuted for opposing Israel’s ongoing genocide of the Palestinian people and their efforts to bring the war criminals responsible to justice.

]]>https://forum.fedi.dk/post/https://mastodon.ar.al/users/aral/statuses/116721861993009039https://forum.fedi.dk/post/https://mastodon.ar.al/users/aral/statuses/116721861993009039Tue, 09 Jun 2026 19:44:31 GMT<![CDATA[Reply to Commons-based (independent org funded by EU taxpayer money) Let’s Encrypt compatible ACME certificate provider now, please. on Tue, 09 Jun 2026 19:31:47 GMT]]>@i @aral @EUCommission Not really comparable when the free option is limited to a single domain SAN (with optional www variant) and no wildcards. It’s just a loss leader from a commercial CA trying to attract new paying customers.

]]>https://forum.fedi.dk/post/https://mastodon.social/users/rmbolger/statuses/116721811935305674https://forum.fedi.dk/post/https://mastodon.social/users/rmbolger/statuses/116721811935305674Tue, 09 Jun 2026 19:31:47 GMT<![CDATA[Reply to Commons-based (independent org funded by EU taxpayer money) Let’s Encrypt compatible ACME certificate provider now, please. on Tue, 09 Jun 2026 19:29:02 GMT]]>@aral

Basing anything on US policy generally is questionable; basing it on US policy right now is bananabonkers.

If it had said "UN sanctioned" or "EU sanctioned", that would be another matter entirely.

@EUCommission

]]>https://forum.fedi.dk/post/https://toot.cat/users/woozle/statuses/116721801127835966https://forum.fedi.dk/post/https://toot.cat/users/woozle/statuses/116721801127835966Tue, 09 Jun 2026 19:29:02 GMT<![CDATA[Reply to Commons-based (independent org funded by EU taxpayer money) Let’s Encrypt compatible ACME certificate provider now, please. on Tue, 09 Jun 2026 19:23:33 GMT]]>@aral Or push for DANE in browsers and other clients.

Or both. Both is good.

@EUCommission

]]>https://forum.fedi.dk/post/https://mastodon.ml/users/drq/statuses/116721779554498759https://forum.fedi.dk/post/https://mastodon.ml/users/drq/statuses/116721779554498759Tue, 09 Jun 2026 19:23:33 GMT<![CDATA[Reply to Commons-based (independent org funded by EU taxpayer money) Let’s Encrypt compatible ACME certificate provider now, please. on Tue, 09 Jun 2026 18:39:36 GMT]]>@aral @EUCommission The point is really that US sanctions are now so widespread as to encourage nations sanctioned by the US to cooperate with oneanother regardless of other factors short of direct war or invasion between one and another.

By blocking use of Lets Encrypt in sanctioned countries, the US is ceding ground to Russia at the expense of countries like Ukraine. They are dreaming if they think people will go back to straight http over this.

]]>https://forum.fedi.dk/post/https://kolektiva.social/users/LukefromDC/statuses/116721606758271197https://forum.fedi.dk/post/https://kolektiva.social/users/LukefromDC/statuses/116721606758271197Tue, 09 Jun 2026 18:39:36 GMT<![CDATA[Reply to Commons-based (independent org funded by EU taxpayer money) Let’s Encrypt compatible ACME certificate provider now, please. on Tue, 09 Jun 2026 14:19:36 GMT]]>@i @EUCommission Right, what I’m saying is that we need to fund not a business but an org for in the common good so it’s free as in freedom not free as the free tier.

]]>https://forum.fedi.dk/post/https://mastodon.ar.al/users/aral/statuses/116720584390017159https://forum.fedi.dk/post/https://mastodon.ar.al/users/aral/statuses/116720584390017159Tue, 09 Jun 2026 14:19:36 GMT<![CDATA[Reply to Commons-based (independent org funded by EU taxpayer money) Let’s Encrypt compatible ACME certificate provider now, please. on Tue, 09 Jun 2026 13:39:49 GMT]]>@aral indeed. But you need orgs like these and other PKI operators to be able to create a CA that can compete with LE.

Let's Encrypt founding sponsors and partners include Cisco and Akamai. They are also sponsored ATM by Google, Microsoft, etc.

@EUCommission]]>https://forum.fedi.dk/post/https://toot.pouyan.net/objects/f1c228a1-2d91-4692-abf3-2d77de357932https://forum.fedi.dk/post/https://toot.pouyan.net/objects/f1c228a1-2d91-4692-abf3-2d77de357932Tue, 09 Jun 2026 13:39:49 GMT<![CDATA[Reply to Commons-based (independent org funded by EU taxpayer money) Let’s Encrypt compatible ACME certificate provider now, please. on Tue, 09 Jun 2026 13:27:12 GMT]]>@LukefromDC @EUCommission Thanks but no thanks.

]]>https://forum.fedi.dk/post/https://mastodon.ar.al/users/aral/statuses/116720378349497936https://forum.fedi.dk/post/https://mastodon.ar.al/users/aral/statuses/116720378349497936Tue, 09 Jun 2026 13:27:12 GMT<![CDATA[Reply to Commons-based (independent org funded by EU taxpayer money) Let’s Encrypt compatible ACME certificate provider now, please. on Tue, 09 Jun 2026 13:20:23 GMT]]>@i @EUCommission And, yet again, it’s a commercial enterprise.

]]>https://forum.fedi.dk/post/https://mastodon.ar.al/users/aral/statuses/116720351515993402https://forum.fedi.dk/post/https://mastodon.ar.al/users/aral/statuses/116720351515993402Tue, 09 Jun 2026 13:20:23 GMT<![CDATA[Reply to Commons-based (independent org funded by EU taxpayer money) Let’s Encrypt compatible ACME certificate provider now, please. on Tue, 09 Jun 2026 13:10:00 GMT]]>@aral Actalis has actually comparable services as Let's Encrypt. But it's not as advances or stable as LE in my opinion.

https://www.actalis.com/activate-free-plan

@EUCommission]]>https://forum.fedi.dk/post/https://toot.pouyan.net/objects/f0982e6d-0837-4768-b388-abf9431e8151https://forum.fedi.dk/post/https://toot.pouyan.net/objects/f0982e6d-0837-4768-b388-abf9431e8151Tue, 09 Jun 2026 13:10:00 GMT<![CDATA[Reply to Commons-based (independent org funded by EU taxpayer money) Let’s Encrypt compatible ACME certificate provider now, please. on Tue, 09 Jun 2026 11:02:10 GMT]]>@jonah @aral It's a pity that CAcert.org never succeeded. If I remember correctly I got a reminder email from them a few months ago so I assume they're still out there.

Then there's the confusing story of Zero SSL (which Caddy webserver started to default to I believe) which can be used to get a limited amount of 'free' SSL certificates.

https://blog.hqcodeshop.fi/archives/391-Goodbye-CAcert.org-Welcome-Lets-Encrypt!.html

https://community.letsencrypt.org/t/zero-ssl-who-is-this/243898/3

]]>https://forum.fedi.dk/post/https://todon.eu/users/regendans/statuses/116719808067583968https://forum.fedi.dk/post/https://todon.eu/users/regendans/statuses/116719808067583968Tue, 09 Jun 2026 11:02:10 GMT<![CDATA[Reply to Commons-based (independent org funded by EU taxpayer money) Let’s Encrypt compatible ACME certificate provider now, please. on Tue, 09 Jun 2026 10:50:41 GMT]]>@jonah @aral
+1 for
not commons, and free subscription needed... but ACME compatible... already using it for lots of web/mail stuff, without any issues..

(from NO) is another option but iirc they stopped their free certs some time ago, only paid certs now, but still acme compatible

]]>https://forum.fedi.dk/post/https://kafeneio.social/users/uhuru/statuses/116719762918939131https://forum.fedi.dk/post/https://kafeneio.social/users/uhuru/statuses/116719762918939131Tue, 09 Jun 2026 10:50:41 GMT<![CDATA[Reply to Commons-based (independent org funded by EU taxpayer money) Let’s Encrypt compatible ACME certificate provider now, please. on Tue, 09 Jun 2026 08:27:20 GMT]]>@aral @EUCommission I'm sure someone in Russia can step up to provide certificates usable in places sanctioned by the U$

]]>https://forum.fedi.dk/post/https://kolektiva.social/users/LukefromDC/statuses/116719199216612408https://forum.fedi.dk/post/https://kolektiva.social/users/LukefromDC/statuses/116719199216612408Tue, 09 Jun 2026 08:27:20 GMT<![CDATA[Reply to Commons-based (independent org funded by EU taxpayer money) Let’s Encrypt compatible ACME certificate provider now, please. on Tue, 09 Jun 2026 07:58:29 GMT]]>@poulet_benoit @aral @EUCommission I still think it's good for everyone if there are more options. It's a tragedy that lets encrypt has to enforce export control on the "enemy" of the hour instead of focusing on their mission of creating a more secure internet for everyone.

]]>https://forum.fedi.dk/post/https://mastodon.social/users/fullywoolly/statuses/116719085752048217https://forum.fedi.dk/post/https://mastodon.social/users/fullywoolly/statuses/116719085752048217Tue, 09 Jun 2026 07:58:29 GMT<![CDATA[Reply to Commons-based (independent org funded by EU taxpayer money) Let’s Encrypt compatible ACME certificate provider now, please. on Tue, 09 Jun 2026 07:52:48 GMT]]>@aral @EUCommission

That’s perfect, with all theses stupids move, the world will be building alternatives.

It’s a good things for everyone (but the US)

]]>https://forum.fedi.dk/post/https://fosstodon.org/users/poulet_benoit/statuses/116719063448159743https://forum.fedi.dk/post/https://fosstodon.org/users/poulet_benoit/statuses/116719063448159743Tue, 09 Jun 2026 07:52:48 GMT<![CDATA[Reply to Commons-based (independent org funded by EU taxpayer money) Let’s Encrypt compatible ACME certificate provider now, please. on Tue, 09 Jun 2026 07:51:34 GMT]]>@aral not commons, and it requires an account, but a free and Italian option for people in the meantime: https://www.actalis.com/subscription

]]>https://forum.fedi.dk/post/https://mastodon.neat.computer/users/jonah/statuses/116719058601311654https://forum.fedi.dk/post/https://mastodon.neat.computer/users/jonah/statuses/116719058601311654Tue, 09 Jun 2026 07:51:34 GMT