Re: buying ssl certificate

To: debian-user@lists.debian.org
Subject: Re: buying ssl certificate
From: Don Armstrong <don@debian.org>
Date: Wed, 31 May 2017 12:06:37 -0500
Message-id: <[🔎] 20170531170637.r3ujlnscbfakpsvx@geta>
In-reply-to: <[🔎] DBXPR05MB15734DB5AFC30B4E830F871A0F00@DBXPR05MB157.eurprd05.prod.outlook.com>
References: <[🔎] DBXPR05MB1570D5A81CFDF85F09712D4A0FC0@DBXPR05MB157.eurprd05.prod.outlook.com> <[🔎] 20170528151029.GY3012@bitfolk.com> <[🔎] DBXPR05MB15734DB5AFC30B4E830F871A0F00@DBXPR05MB157.eurprd05.prod.outlook.com>

On Tue, 30 May 2017, kc atgb wrote:
> One problem I might have with letsencrypt is that it is not recognized 
> by all protocol clients. We have customers that are not always up to 
> date on their side (old OSes, softwares, hosts, ... ), and letsencrypt 
> is recent in the race, so not integrated on these devices.

Letsencrypt signs with a signing key which is signed by the DST Root CA
which has been valid since 2000, and should be present on almost every
device. [For reference, google.com is signed by a key which was
generated in 2002...]

So if it does have an issue with validity, it's an issue which many
SSL certificates are going to share.

-- 
Don Armstrong                      https://www.donarmstrong.com

They say when you embark on a journey
of revenge
dig two graves.
They underestimate me.
 -- a softer world #560
    http://www.asofterworld.com/index.php?id=560

Reply to:

Follow-Ups:
- Re: buying ssl certificate
  - From: Eduardo M KALINOWSKI <eduardo@kalinowski.com.br>

References:
- buying ssl certificate
  - From: kc atgb <kisscoolandthegangbang@hotmail.fr>
- Re: buying ssl certificate
  - From: Andy Smith <andy@strugglers.net>
- Re: buying ssl certificate
  - From: kc atgb <kisscoolandthegangbang@hotmail.fr>

Prev by Date: Re: Poor X performance with Intel 8086:22b1 (Braswell)
Next by Date: Re: buying ssl certificate
Previous by thread: Re: buying ssl certificate
Next by thread: Re: buying ssl certificate
Index(es):
- Date
- Thread