I just bought a web development company and what you describe is what I saw… all of my clients on the same CA… Bad news in my mind…

I think you missed one of my main points… When we encrypt data we are not trusting the cipher, we are trusting the KMS.

I am looking at this like a threat actor might… LE has created a huge target. If I can insert an insider into the LE ecosystem and compromise the KMS, each and every one of your clients is open to a man-in-the-middle attack.

When we develop a site for a client, SSL is not an option. If they say they don’t want it, we will not take the project. We do obtain our certs from the SSL Store, but we do not sell them separately — it is an integral part of the site design and development. And I purposefully choose certs from various CAs precisely because I do not want all of my customers trusting the same KMS…

Written by

I am a charter member of the pocket-protector set, but old enough to make fun of them and otherwise have a healthy skepticism of tech. https://goo.gl/2z5Snr
