undefined | Better HN

0 pointstoomuchtodo10y ago0 comments

> This is not what regular style certificates verify. That is what Extended Validation certificates verify and they're not issued by letsencrypt.org and generally are a lot more expensive.

I'd like to see LetsEncrypt move into this territory though. What current private business providers are charging for this service is border-line extortion.

0 comments

schoen10y ago

EV validation will have a marginal cost because of the offline interactions. DV can be done at almost no marginal cost. That's why Let's Encrypt can exist at all.

icebraining10y ago

FWIW, you can already get an SSL cert for $4/year.

Buge10y ago

"this territory" was referring to EV certificates. Those cost more than $4.

icebraining10y ago

I misread the post, sorry :|

lifeisstillgood10y ago

But the certificate is (supposed) to say we have verified that this person / organisation exists and is "allowed" this domain.

Now if we extend the idea of every business or even human having their own (sub)-domain (lots of good benefits there) then we are in the territory of ensuring the CA's track you from birth - that's what governments do, and boy are they expensive.

I think what I am saying is we either have CA we can trust or we dump the whole thing and go to web of trust

tokenizerrr10y ago

That ship has sailed years ago. And now we have EV certificates to deal with that problem.

schoen10y ago

For the time being, it's DNS registrars who define who is allowed particular domain names, and DV CAs just try to draw the connection between what the registrars have said and the server you're visiting at a particular moment.

j / k navigate · click thread line to collapse

0 pointstoomuchtodo10y ago0 comments

> This is not what regular style certificates verify. That is what Extended Validation certificates verify and they're not issued by letsencrypt.org and generally are a lot more expensive.

I'd like to see LetsEncrypt move into this territory though. What current private business providers are charging for this service is border-line extortion.

0 comments

schoen10y ago

EV validation will have a marginal cost because of the offline interactions. DV can be done at almost no marginal cost. That's why Let's Encrypt can exist at all.

icebraining10y ago

FWIW, you can already get an SSL cert for $4/year.

Buge10y ago

"this territory" was referring to EV certificates. Those cost more than $4.

icebraining10y ago

I misread the post, sorry :|

lifeisstillgood10y ago

But the certificate is (supposed) to say we have verified that this person / organisation exists and is "allowed" this domain.

I think what I am saying is we either have CA we can trust or we dump the whole thing and go to web of trust

tokenizerrr10y ago

That ship has sailed years ago. And now we have EV certificates to deal with that problem.

schoen10y ago

j / k navigate · click thread line to collapse