As Let's Encrypt Public Launch Approaches, More CAs Consider Offering Free DV Certificates

[Lucian Armasu]

CertSimple, a provider of Extended Validation certificates, said that more certificate authorities are expected to match Let's Encrypt's offer with free Domain Validation certificates.

As Let's Encrypt Public Launch Approaches, More CAs Consider Offering Free DV Certificates : Read more

 

[vern72]

Too bad Thawte is gone. I had a free certificate through their "Web of Trust".

 

[Darkk]

While it's a noble idea but giving out free certs may give hackers easy way to exploit it. I'd be happy to pay $5 for a basic SSL cert knowing that it went through some kind of verification process via credit card.

For my own websites for personal use I just generate my own SSL certs with the info the way I wanted. Granted I'll get that nice error via the browser but it's still secure.

 

[Haravikk]

While it's a noble idea but giving out free certs may give hackers easy way to exploit it. I'd be happy to pay $5 for a basic SSL cert knowing that it went through some kind of verification process via credit card.

Let's Encrypt works through installing a tool onto your web-server (or having your hosting provider do it for you); the main reason for this is automatic renewal of certificates (as they only issue 90-day ones).

However, it also allows them to verify your ownership of the domain; basically the program can do several things to your site that Let's Encrypt can then check, such as creating a file with a random name that they can look for at domain.tld/random_file.html.

This should be sufficient verification for free certificates, as an attacker would need to point your DNS records to their own malicious server, or gain access to your server and tamper with it, but these are things that a certificate wouldn't necessarily protect against anyway.

The point of extended validation certificates is to verify that there is someone legally responsible for the domain, so if money is lost or whatever you have someone to pursue legal action against, or report to trading standards etc.

 

[randomizer]

For my own websites for personal use I just generate my own SSL certs with the info the way I wanted. Granted I'll get that nice error via the browser but it's still secure.

Yep, it provides exactly the same security as any other certificate. The only difference is that your certificate has not been rubber stamped by a member of the oligarchy and browsers don't like certificates that are not part of the Web of Blind Faith.

 

[IndignantSkeptic]

Wow... I know the GTX470 is an old card by now, but I'm shocked that it's in the same very-low-performance tier as the r7 240. Tom's own GPU Heirarchy Chart has the GTX470 matched up with the r7 260X and the r7240 matched up against the ancient 8800gs. The whole thing is as confusing as the games that suggest a r9 290 for the same performance tier as a gtx460.

The way something is programmed can bias it to work better with either AMDATI or Nvidia.