Hacker News new | past | comments | ask | show | jobs | submit
theamk | on: Let's Encrypt bans certificate usage in any US sanctioned territory [pdf]
DANE is entirely dependent on DNSSEC, and DNSSEC is, by design, under the government control, with all the bureaucratic mess and mistakes this implies.

This would be pretty terrible if anyone actually cared about DNSSEC, but luckily for us, no one cares.. So let's keep things this way.

trumpdong | parent | next
Domain registries can already get a certificate for your domain by changing the address to their own server temporarily and then doing ACME with LE. So no new vector is introduced by directly putting the cert in DNS.
Parodper | parent
You obviously don't know how DNSSEC works. The DNS root of trust is ICANN, not a government.
trumpdong | root | parent
That's worse, because ICANN is effectively the US government.