People don’t understand SSL/TLS There is a new . So lots of started screaming because they read phishing and in the same sentence. report that associates Let’s Encrypt with phishing people in Twitter Paypal Let’s is a foundation that gives certificates away for free. Not only that. Let’s Encrypt is trying to make installing and renewing a certificate effortless. Encrypt I decided to read the report which is more a blog post. Apparently the argument of the report is that Let’s Encrypt doesn’t do a proper validation before giving away the certificates. So many sites use the services in what appear to be Paypal phishing sites. But the report doesn’t say that domain name sellers are not doing proper validation before selling a phishing domain. But here comes the twist. The blog post appears in a site called . hashedout Under hashedout’s icon you can see in small letters “by The SSL store”. It turns out that the blog is from a company that . sells certificates A company that sells certificates creates a report criticising a foundation that gives certificates away for free. Yes. I know that they are different kind of certificates. In fact the argument is that the certificates they sell are given only after a proper validation. Anyway, what kind of certificates do they sell? Cheap!!! Yeah, a lot of Symantec, Thawte and GeoTrust. The same Symantec, Thawte and GeoTrust that have been (including extended validation certificates, those that have a name in green too) without proper validation. incorrectly emitting certificates The same Symantec, Thawte and GeoTrust that by at least a major browser. are going to be distrusted There is a serious problem with PKI. But guys, . you have a nerve
