Congrats to Let's Encrypt!


Daniel Roesler

Oct 20, 2015, 10:54:01 AM
to ca-...@letsencrypt.org
Howdy all,

I'd just like to send out a big congratulations to the Let's Encrypt
team for getting their first officially trusted TLS certificate[1]!
What a huge accomplishment!

Thanks so much for all of your hard work in making this possible! This
is a huge step forward in protecting users and websites, and I believe
this will be seen as a key pivotal moment in the history of the web.

Congrats again!

-Daniel Roesler

[1]: https://helloworld.letsencrypt.org/

Tom Ritter

Oct 20, 2015, 10:57:25 AM
to Daniel Roesler, ca-...@letsencrypt.org
Congrats!

Although maybe at the same time you can answer something that's been
bugging me for a while - why do so many leaf certificates (including
LE's) get issued with the Client Authentication EKU
(1.3.6.1.5.5.7.3.2)?

-tom

Richard Barnes

Oct 20, 2015, 11:00:25 AM
to Tom Ritter, Daniel Roesler, ca-...@letsencrypt.org
On Tue, Oct 20, 2015 at 10:57 AM, Tom Ritter <t...@ritter.vg> wrote:
> Congrats!
>
> Although maybe at the same time you can answer something that's been
> bugging me for a while - why do so many leaf certificates (including
> LE's) get issued with the Client Authentication EKU
> (1.3.6.1.5.5.7.3.2)?

Why not? If someone wants to authenticate as say "example.com" as a
TLS client, should it not be able to use the same cert? It seems like
this could be useful for server-to-server stuff, like mail.

--Richard

Tom Ritter

Oct 20, 2015, 11:08:59 AM
to Richard Barnes, Daniel Roesler, ca-...@letsencrypt.org
On 20 October 2015 at 10:00, Richard Barnes <r...@ipv.sx> wrote:
> On Tue, Oct 20, 2015 at 10:57 AM, Tom Ritter <t...@ritter.vg> wrote:
>> Congrats!
>>
>> Although maybe at the same time you can answer something that's been
>> bugging me for a while - why do so many leaf certificates (including
>> LE's) get issued with the Client Authentication EKU
>> (1.3.6.1.5.5.7.3.2)?
>
> Why not? If someone wants to authenticate as say "example.com" as a
> TLS client, should it not be able to use the same cert? It seems like
> this could be useful for server-to-server stuff, like mail.

I suppose. I've just always had this nagging feeling in the back of
my mind that it would cause a vulnerability... somewhere. But it's
hard to come up with a scenario, especially since (I believe...?)
S/MIME requires its own separate EKU, and it would be pretty foolhardy
to set up a server that accepts client certs for HTTPS auth that are
issued by a broad CA you don't have a relationship with.

-tom

Chiến Nguyễn

Oct 20, 2015, 12:53:01 PM
to Daniel Roesler, ca-...@letsencrypt.org

Congrats all.

Thanks for all your help.

Chien


Jesse Endahl

Oct 20, 2015, 1:30:00 PM
to Chiến Nguyễn, Daniel Roesler, ca-...@letsencrypt.org
Congrats!

amit verma

Oct 20, 2015, 1:39:10 PM
to Jesse Endahl, Chiến Nguyễn, ca-...@letsencrypt.org, Daniel Roesler

Congrats everyone and hats off to the team.

Hung Le Thanh

Oct 20, 2015, 8:36:17 PM
to amit verma, Jesse Endahl, Chiến Nguyễn, ca-...@letsencrypt.org, Daniel Roesler

Congrats all.

Thanks for your help!

Hung
