Why I won’t use Let’s Encrypt

The argument that this person makes from what I can gather is I should not redirect people to https since their hosting company is not trustable by design of holding said keys and second that who am I to impose encryption on others who should be aware of their own follies by using said compromised keys. This is a terrible post to make it on Hacker News as the straw men arguments here are exactly what harms individual users based on the ignorance of the service holder. Fine that this is his choice but also fine that browsers make it explicitly clear that the site being used is a potential security threat. Making excuses for why you should not have encryption based on your biases against the security itself because your provider "may" have access to your keys and you don't trust them is a bad excuse. If indeed you truly distrusted your provider than find another that is more trustworthy. If you cannot then you should self host but it doesn't get you off the hook from providing secure services to your users. In fact it puts you more on the hook for it. If you do not trust yourself which is what is also lumped in with the argument of not trusting VPS provider you have bigger problems and should probably not be participating in this eco system if you cannot trust yourself.

&gt; So in conclusion: [...] LE is definitely a NOBUS.<p>This sounds a lot like a conspiracy theory and I don&#x27;t see in the article any explanation how that&#x27;s relevant or possible.<p>LE doesn&#x27;t force you to add CAA DNS records. Furthermore, you have CAs in your browser&#x2F;machine that are far more sketchy than LE in the first place.<p>I think the article suffers from a clear point that I can put my finger on and say &quot;oh yeah this is why LE is bad&quot;, in fact I don&#x27;t see any points supporting that in a solid way. The article could be 1&#x2F;5th the length and still achieve the same result.

&gt; My tarballs and Git tags are always signed with OpenPGP key<p>A key whose public component and fingerprint you serve over unencrypted HTTP too, meaning it doesn’t actually give any extra protection against a MITM.

i really don&#x27;t understand this logic, taking the option of no security at all vs possibly flawed. it&#x27;s like not locking your front door because a thief could just break in through a window.

This guy is loopy.<p>I use Let’s Encrypt so that my users don’t get a security warning. That’s all. It’s worth it just for that.

&gt; First of all, statements about lack of HTTPS are just completely plain dumb: try to explicitly tell your computer that you desire using HTTPS protocol, by replacing <a href="http:&#x2F;&#x2F;" rel="nofollow">http:&#x2F;&#x2F;</a> with <a href="https:&#x2F;&#x2F;" rel="nofollow">https:&#x2F;&#x2F;</a> in URLs.<p>That just gives a scary error, since the site&#x27;s certificate is signed by &quot;ca.cypherpunks.ru&quot; instead of anyone trustworthy. And even if that did work, users shouldn&#x27;t have to do it themselves.<p>&gt; Next awful thing is that many people tend to confuse encryption and authentication of the endpoint (my websites in current case). With HTTPS you will definitely get good working encryption. Period. HTTPS clients generally complain about inability to authenticate the endpoint, but they won’t forbid using encryption. What people want for? Encryption? Then enable it by pointing to <a href="https:&#x2F;&#x2F;" rel="nofollow">https:&#x2F;&#x2F;</a>!<p>We want encryption and authentication. With just encryption, it&#x27;s trivial for an active MITM to decrypt the traffic.<p>&gt; I can not set up TLS on VPS, because its hosting company obviously will have access to all of its internals, including TLS private keys.<p>So?<p>&gt; If I give TLS private keys to the hosting company, then what is the point of using TLS and lying that it can authenticate the endpoint domain?<p>Is the argument here really that you should never use TLS except on bare-metal servers under your physical control?<p>&gt; Second reason is that it is not my responsibility to impose user the desired security protocol usage.<p>Fine, don&#x27;t force it then. Keep insecure HTTP too, but at least set up HTTPS properly so that people who do want it can use it.<p>&gt; Possibly there is already IPsec transport session, transparently securing the link.<p>No, there definitely isn&#x27;t, since one end of it would have to be on his server for it to be secure, and if that were the case then he&#x27;d know about it.<p>&gt; There is no reason for me to spend my money paying one of chosen CAs, because any of hundreds CAs beside can issue &quot;valid&quot; certificate for MitM-ing connections.<p>There&#x27;s no reason to reduce the number of attackers from &quot;literally everyone&quot; to &quot;a few heavily-audited CAs&quot;?<p>&gt; So what I am paying for?<p>Wait, I thought this article was called &quot;Why I won’t use Let&#x27;s Encrypt&quot;, and Let&#x27;s Encrypt is free.<p>&gt; Some browsers used OCSP, that literally leaks your intentions about visiting different entities to third-parties in real time.<p>Unless you&#x27;re visiting a site on a big CDN like Cloudflare, and using both DNS-over-HTTPS and TLS eCH, you&#x27;re leaking this anyway. Plus, OCSP stapling already exists just to close this leak.<p>&gt; Google decided that all CAs have to use Certificate Transparency technology. Apple decided that certificate’s validity can not long more than ~400 days. From X.509’s point of view your certificate can be pretty fully valid, but not from Google&#x2F;Apple one.<p>Won&#x27;t CAs not issue you certificates that don&#x27;t meet Google and Apple&#x27;s requirements anymore? So doesn&#x27;t that make this irrelevant?<p>&gt; Very short-lived certificates and the fact that most ACME-clients create new keypair during each renewal, heavily complicates ability to use any kind of pinning. I visit many sites once per month – and it means that every time I get new public key, making pinning useless. LE tells that it is for limiting the damage from possible key compromising. Yeah, sure. However at least you are allowed not to generate new key pair.<p>Even if this were a legitimate concern, since you can just pass --reuse-key to certbot for your own site, this isn&#x27;t a reason to not use LE.<p>&gt; LE is clearly a NOBUS project. But do you remember that any of CA authorities imported in OS can MitM my domains anyway (by definition)? Well, partly you can prevent that for some software by using CAA DNS records, where you explicitly tell which CA authorities are authorized to issue certificates for given domains. Specifying LE in CAA means that I authorize noone to issue certificates for my domains, except for US-based forces. That is something I will never do, being the citizen of completely independent jurisdiction. I am not a traitor.<p>CAA doesn&#x27;t protect you in the slightest against malicious CAs. It&#x27;s the CA&#x27;s responsibility alone to check CAA, and if they ignore it and issue a certificate anyway, everything will still trust the certificate. And it&#x27;s absurd to think using CAA would make you a traitor.<p>&gt; And there is another inconvenience of LE usage for me: they can easily revoke all certificates and prohibit usage at any time, because they have to comply with US-local policies on restrictions to sanctioned countries&#x2F;regions. There were many occasions when ordinary programmers&#x2F;users were banned on US-based services (like GitHub) just for visiting Iran or Crimea region. I visited several sanctioned countries and regions many times so far.<p>If you&#x27;re worried about that, then just use a different ACME CA. It&#x27;s still not a reason to use insecure HTTP. And I&#x27;d like to see evidence of a single person being banned from GitHub just for visiting Crimea once.