this post was submitted on 09 Aug 2023

For example, anyone could use Let's Encrypt to get a trusted certificate, so what makes this trustworthy? Or why not trust everyone that signs their own certificates with a program like OpenSSL?

[–] [email protected] 13 points 1 year ago

There are some great answers already here, but I want to add a detail for some context. Like others mentioned, Let's Encrypt does just the bare minimum of verification. They aren't really verifying that you are who you say you are, they are verifying you control the website. The reason is due to their goal.

They want as many people as possible using a secure Web protocol, and that requires that as many people as possible have a certificate for any websites they run. There is minimal verification of identity, but the benefit of encrypted communications and even that bare minimum ID is a huge step up in consumer security from old unprotected protocols.