posted by takyon on Monday September 19 2016, @08:26PM
from the let's-rename dept.

Popular Bash shell script LetsEncrypt.sh, which is used to manage free SSL/TLS certificates from the Let's Encrypt project, has been renamed this week to avoid a trademark row. This comes in the wake of Let's Encrypt successfully fending off Comodo, which tried to cynically snatch "Let's Encrypt" for itself.

LetsEncrypt.sh, written by Germany-based Lukas Schauer, is now known as Dehydrated. If you have scripts or apps that rely on pulling in his code and running it, they may stop working as a result of the name change. Dehydrated is developed independently by Schauer and is not officially affiliated with Let's Encrypt.

"This project was renamed from letsencrypt.sh because the original name was violating Let's Encrypt's trademark policy. I know that this results in quite a lot of installations failing but I didn't have a choice," reads the new Dehydrated README.

[...] Full disclosure: This article's author uses Let's Encrypt to provide HTTPS encryption for his personal websites. And you should use it too.

Our Previous Story: 800-Pound Comodo Tries to Trademark Upstart Rival's "Let's Encrypt" Name


  • (Score: 5, Insightful) by Thexalon on Monday September 19 2016, @09:48PM

    Normal certs aren't exactly high security these days, but they can at least be tracked back to the credit card used to buy them. Let's Encrypt hands them out for free to anyone with zero validation. Why isn't this seen as an attack on the entire SSL concept?

    1. The credit card information isn't something you as the general public know, you'd have to politely ask the fly-by-night certificate authority reseller for it. And then hope that it isn't stolen and gives you a trail back to a harmless little old lady or something, because we know that somebody shady enough that you'd want to trace them would never think to do that. If you need to trace a bad guy or something, wouldn't you have at least as much luck finding them out via their domain name registrar or hosting provider?

    2. The validation that Let's Encrypt does for a domain is identical to the validation that a basic SSL certificate does, it's just done in an automated fashion. That validation amounts to "stick a file on your webserver, access the website using the domain, if that file is there as expected then you're good to go". You seem to be assuming that it's somehow more secure if money changes hands, when that doesn't do anything except validate that somebody has a credit card with at least $25 or so available on its credit limit.

    3. The basic level of SSL only provides two things: (1) Some approximate proof that when you're reaching what you think is example.com, it's really example.com and not a MITM proxy, and (2) protection against anybody who isn't the NSA easily reading the data. That's it. That's all it's ever done. Why not give people the tools to do that cheaply and easily? What advantage is there to anyone other than certificate resellers to making everybody who wants to do that pay some gatekeeper?

    --
    The only thing that stops a bad guy with a compiler is a good guy with a compiler.
  • (Score: 2) by DannyB on Tuesday September 20 2016, @06:01PM

    I hope nobody would be suggesting that if I encounter a google.com certificate issued by Honest Achmed's Certificate Authority of Tehran Iran, that I should not trust it?

    Wouldn't that be profiling? Or not trusting all Certificate Authorities equally?

    --
    The lower I set my standards the more accomplishments I have.
    • (Score: 2) by meustrus on Tuesday September 20 2016, @09:07PM

      Well Thexalon certainly didn't suggest that. If you don't trust certain CAs, well that's a different problem. A problem that once again is not made worse by Let's Encrypt.

      --
      If there isn't at least one reference or primary source, it's not +1 Informative. Maybe the underused +1 Interesting?