Let us use Let's Encrypt, they said.
It will make our lives easier, they said.
It lets us automatically renew so we don't have to do that stupid commercial CA crap, they said.

Let us do what they want, they said, and everything will be better, we promise to monitor things, they said. Your selections are garbage, they said, why do you pay any money at all for something that's free anyway, they said, you must be incompetent and in the pockets of Big Certificate.

Fucking every time I start down the "how is our TLS situation" path, I get sidetracked down fifty fucking rabbit holes and then 6 months later I realise I never got a damn thing done on the TLS stuff because I found fifteen other issues that I had to chase and chase and chase.

I gave a talk in December 2015 where I wanted us to have mature configurations, at least, across all public systems by December 2016. We're now further behind than we were when I gave that talk.

