LetsEncrypt, Paypal and selling fear

@gonfva (Gonzalo Fernandez)

People don't understand SSL/TLS

There is a new report that associates Let's Encrypt with phishing. So lots of people on Twitter started screaming because they read "phishing" and "PayPal" in the same sentence.

Let's Encrypt is a foundation that gives certificates away for free. Not only that: Let's Encrypt is trying to make installing and renewing a certificate effortless.

I decided to read the report, which is really more of a blog post.

Apparently the argument of the report is that Let's Encrypt doesn't do a proper validation before giving away certificates, so many of the sites using its service appear to be PayPal phishing sites.

But the report doesn't mention that domain name sellers are not doing any proper validation either before selling a domain that ends up used for phishing.

But here comes the twist. The blog post appears in a site called hashedout.

Under hashedout's icon you can see in small letters "by The SSL Store". It turns out that the blog belongs to a company that sells certificates.

A company that sells certificates creates a report criticising a foundation that gives certificates away for free.

Yes, I know that they are different kinds of certificates.

In fact, their argument is that the certificates they sell are issued only after a proper validation.

Anyway, what kind of certificates do they sell?


Yeah, a lot of Symantec, Thawte and GeoTrust.

The same Symantec, Thawte and GeoTrust that have been incorrectly issuing certificates (including extended validation certificates, the ones that also show the organisation's name in green in the address bar) without proper validation.

The same Symantec, Thawte and GeoTrust that are going to be distrusted by at least one major browser.

There is a serious problem with PKI.

But guys, you have a nerve.