Hacker News new | past | comments | ask | show | jobs | submit
47282847 | on: Let's Encrypt bans certificate usage in any US sanctioned territory [pdf]
EU? There’s almost zero information on the company, no privacy policy? The only place I found any mention is the footer, “HID Global Corporation, part of ASSA ABLOY”. Assa Abloy seems Swedish but HID Global is a US company as far as a quick search goes. But without a proper company info page and privacy policy I wouldn’t consider it anywhere near a “good alternative” regardless.
ZeroSSL | parent | next
Jumping in here since we’ve been seeing more mentions of ZeroSSL lately, likely related to the recent CA/B Forum discussions around 1‑year certificates and ACME automation.

- We’re based in Austria (ZeroSSL GmbH). The company was acquired by HID in 2024, which is part of Assa Abloy (Sweden).

- We’re not positioning ourselves as a purely EU-based CA substitute, and we generally don’t market it that way.

- For DV certs specifically, we act as a distributor. Under the hood these are Sectigo-issued certificates, similar to how other providers (for example Namecheap) operate.

Happy to clarify further if useful.

kruffalon | root | parent | next
> - We’re not positioning ourselves as a purely EU-based CA substitute, and we generally don’t market it that way.

OK, but in the context of this topic thr interesting part isn't your marketing but your jurisdiction.

Could you clarify which jurisdiction you operate under and a link on the ZeroSSL website that collaborates that?

Thank you <3

hoistbypetard | root | parent | next
Sectigo used to be Comodo's CA business. If memory serves, that business was purchased by a US PE firm and renamed "Sectigo". Sectigo Inc.'s corporate headquarters is now in Scottsdale, AZ.

There's no reason to believe they're any less subject to US jurisdiction than LetsEncrypt.

loading story #48465948
redrblackr | root | parent
Any plans on becoming an independent CA? Would certificates issued in your name also risk being affected by US sanctions trough sentigo?
loading story #48464982
slau | parent | next
HID was originally American and Scottish, but became fully American in 1994.

HID was acquired by Assa Abloy in 2000. No idea whether that means we now consider it Swedish.

ZeroSSL used to be Austrian until their acquisition in 2024.

I used to work for a company that got acquired by HID. It looks like HID has retained their original offices in some form.

nomadwastaken | parent
The privacy policy is under legal in the footer, exactly where I'd expect it to be honest. It also gives the company registration: > 1.1. We, ZeroSSL GmbH, FN 443956b (the “Company“) and below that the company address (registered in Austria).

Don't get me wrong, I agree that there is some lack of "who actually runs/controls this", especially on the about page where I expect such things to be.

At the very least it's not as transparent as I'd wish from a CA. E.g their Certificate Agreement is from Sectigo, so are they involved? No mention anywhere else from what I can see.

47282847 | root | parent
I don’t see “legal” in the footer on mobile. Or any other link. Or a link to an About page in the main nav. There’s nothing.
loading story #48467368