What "backdoor" would Let's Encrypt even implement? That's not how a CA works.

They might be compelled to issue a certificate to an unauthorized (by browser PKI policies, not local law) entity, but that would be very conspicuous due to Certificate Transparency.

I suspect any "backdoor" would be inserted at the protocol level. See https://web.archive.org/web/20130918135152/http://www.thegua...

How would they do that? The ACME protocol is "take the basic artifacts you use for certificate signing, wrap them in JSON (cryptographically, using standard JWS), then send them over using HTTP + TLS." Every part of that is something for which there exists a buttload of implementations in whatever language you care to use.
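
The wire format described in the comment above, shown as an added example that is not part of the thread or of any ACME client's code: a request is a flattened JWS that stock crypto libraries can build and check. The function names are hypothetical, and the URL, nonce and payload are constructed sample values.

```javascript
// Added illustration; URL, nonce and payload are constructed sample values.
const crypto = require('node:crypto');

const b64u = (data) => Buffer.from(data).toString('base64url');

// Client side: wrap a JSON payload as a flattened JWS (RFC 8555, section 6.2).
// The protected header binds the account key, a server nonce and the target URL.
function signAcmeRequest(privateKey, publicJwk, url, nonce, payload) {
  const protectedB64 = b64u(JSON.stringify({ alg: 'ES256', jwk: publicJwk, nonce, url }));
  const payloadB64 = b64u(JSON.stringify(payload));
  const signature = crypto.sign('sha256', Buffer.from(`${protectedB64}.${payloadB64}`),
    { key: privateKey, dsaEncoding: 'ieee-p1363' }); // raw r||s, as JWS ES256 requires
  return { protected: protectedB64, payload: payloadB64, signature: b64u(signature) };
}

// Server side: the check an independent JWS implementation performs on a
// new-account request, where the key travels in the header (later requests use "kid").
function verifyAcmeRequest(jws, expectedUrl) {
  const header = JSON.parse(Buffer.from(jws.protected, 'base64url').toString('utf8'));
  if (header.alg !== 'ES256' || header.url !== expectedUrl) return false;
  const publicKey = crypto.createPublicKey({ key: header.jwk, format: 'jwk' });
  return crypto.verify('sha256', Buffer.from(`${jws.protected}.${jws.payload}`),
    { key: publicKey, dsaEncoding: 'ieee-p1363' }, Buffer.from(jws.signature, 'base64url'));
}

// Sign one request, then check the original, a modified payload and a replay
// of the same JWS against a different endpoint URL.
function demo() {
  const { privateKey, publicKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const url = 'https://acme.example/acme/new-account'; // constructed
  const jws = signAcmeRequest(privateKey, publicKey.export({ format: 'jwk' }), url,
    'constructed-nonce-0001', { termsOfServiceAgreed: true });
  const tampered = { ...jws, payload: b64u(JSON.stringify({ termsOfServiceAgreed: false })) };
  return {
    valid: verifyAcmeRequest(jws, url),
    tamperedPayload: verifyAcmeRequest(tampered, url),
    wrongUrl: verifyAcmeRequest(jws, 'https://acme.example/acme/new-order'),
  };
}

console.log(demo()); // each field is a boolean verification result
```
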
> How would they do that?

Let me introduce you to the phrase "I don't see a mechanism."

> Let me introduce you to the phrase "I don't see a mechanism."

I'm not familiar with this phrase, but I think I did a good job citing a comparable example in my original post.