Hacker News new | past | comments | ask | show | jobs | submit
bhhaskin | on: Let's Encrypt bans certificate usage in any US sanctioned territory [pdf]
It could also be an easy way to not have to implement backdoors for the government/military.
lxgr | parent
What "backdoor" would Let's Encrypt even implement? That's not how a CA works.

They might be compelled to issue a certificate to an unauthorized (by browser PKI policies, not local law) entity, but that would be very conspicuous due to Certificate Transparency.

firefax | root | parent
I suspect any "backdoor" would be inserted at the protocol level. See https://web.archive.org/web/20130918135152/http://www.thegua...
jcranmer | root | parent
How would they do that? The ACME protocol is "take the basic artifacts you use for certificate signing, wrap them in JSON (cryptographically, using standard JWS), then send them over using HTTP + TLS." Every part of that is something for which there exists a buttload of implementations in whatever language you care to use.
gopher_space | root | parent
> How would they do that?

Let me introduce you to the phrase "I don't see a mechanism."

firefax | root | parent
>Let me introduce you to the phrase "I don't see a mechanism."

I'm not familiar with this phrase, but I think I did a good job citing a comparable example in my original post.