Please read the following article: https://resources.infosecinstitute.com/cybercrime-exploits-digital-certificates

You have completely skipped the points I have made about the insider threat and the complacency which free and automated begets.

Let’s say LE suffers one of the breaches described in the article above… Its certs will be revoked. If a website is hosted by a company who chose LE for its convenience and price — again, a central point in my essay — there is a good chance traffic to their site drops dramatically, their search engine ranking crater, and the business folks are none the wiser.

Every single person who has responded to my essay has responded from what I call the “crowded perspective.” If you look at any subject you are looking at it from a certain perspective. What we in tech fail to perceive is when that perspective becomes crowded to the point where we all see the same thing and start congratulating ourselves for how smart we are, we fall victim to group-think…

So break out of the crowded perspective and find another spot on the “sphere” around the subject. Look at SSL certs from the perspective and motivations of the non-technical business person and you see that “free” and “automated” come with a whole set of risks we have not accounted for — because we have all crowded into the same perspective without even realizing it.

Written by

I am a charter member of the pocket-protector set, but old enough to make fun of them and otherwise have a healthy skepticism of tech. https://goo.gl/2z5Snr

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store