科技回声

I'm surprised they basically choose to ignore explicitly made CAA records, if they don’t match any of their CAs. Why bother with setting up CAA records at all if they will be silently ignored?

Most big changes like this get rolled out gradually, but an expiration date causes things to break everywhere at once. They can minimize that impact with this change. Other websites will break first.<p>But I wonder if they will start using Let's Encrypt again later, in a more gradual way? For example, on any new websites that launch after the expiration date?

It's hard to criticize them for this in this context and I think that's the point. Otherwise, "We are dumping Lets Encrypt and switching to some CA" doesn't sound quite as nice.

Which CAs will they be using instead?

>MITM-as-a-Service switches CA.

Someone should tell cloudlare that certificates expire for a reason.

Read this as LE = Law Enforcement<p>What a poor title change.

I'm surprised they basically choose to ignore explicitly made CAA records, if they don’t match any of their CAs. Why bother with setting up CAA records at all if they will be silently ignored?

It's hard to criticize them for this in this context and I think that's the point. Otherwise, "We are dumping Lets Encrypt and switching to some CA" doesn't sound quite as nice.

Which CAs will they be using instead?

>MITM-as-a-Service switches CA.

Someone should tell cloudlare that certificates expire for a reason.

Read this as LE = Law Enforcement<p>What a poor title change.

We ensure Cloudflare customers aren't affected by LE's certificate chain change

7 条评论

We ensure Cloudflare customers aren't affected by LE's certificate chain change

7 条评论