The shorter lifespan is a net plus for security, but it ends up meaning either more frequent maintenance and its related costs or an automatic renewal system which fosters “fire and forget” complacency… Net negatives which in my opinion outweigh the positives…

Otherwise, you cannot minimize the risk unless you first understand the basis of trust. Making an SSL cert the shiny object (which is what LE is doing) misleads the business community into thinking that encryption is trust-worthy — when it isn’t. The KMS of the CA is the true object of trust.

Now if everyone is piling into the same CA, and at some point in the future the trust in that CA is violated, the consequences will be far more severe than a fragmented paid CA market.

Written by

I am a charter member of the pocket-protector set, but old enough to make fun of them and otherwise have a healthy skepticism of tech.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store