Good point because it brings out the principles of confidentiality and integrity of data in transit. But, your link to the principles of Let’s Encrypt shows that everyone is looking at this from the same perspective. My point is to pull away from the group-think and look at it from a different perspective.

“Free” and “automatic” both say “I don’t have to worry about this…” That is exactly the opposite of the needed message on cyber security these days.

“Secure” means the confidentiality and integrity of the data in transit. The data is not secure because it is encrypted. It is only as secure as is the KMS used to generate the keys on which the cert is based.

“Transparent” is redundant; CRLs are a basic feature of the PKI.

“Open” and “Cooperative” can, and do, lead to group-think where everyone is validating everyone else’s assumptions and no one is looking critically at the whole to ask whether the assumptions have been challenged…

And the assumption which needs to be challenged is as you say: Is free, automatic, secure, transparent, open, and cooperative really a good idea?

Written by

I am a charter member of the pocket-protector set, but old enough to make fun of them and otherwise have a healthy skepticism of tech.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store