At long last, a Lets Encrypt alternative (in that you get free certs via the ACME protocol):

@captainepoch A pretty long track record of not being good at their jobs (one time they emailed a lot of their userbase a list of a lot of the rest of their userbase), bad policy decisions based on magical thinking (nobody needs wildcards, until we suddenly decide we do), and shifty technical decisions (their new root certs use manipulable NIST curves).

I just don't trust them, which sucks because trust is their main product.

@khm Mmm... Fair enough, I didn't know about this (which makes me feel bad because I use Let's Encrypt).

The problem I see with Buypass is that I don't see anything related to the source code, just general information and a few howtos (I might missed it). So, even based on EU and being a Norway company, how could I trust them? 🤔

@captainepoch I consider that a red herring. Lets Encrypt has released tons of source code and approximately zero proof that they're actually running any of it in production. It's just PR, not a meaningful commitment to transparency.

Would I prefer a transparent provider? Of course. Are there any? No.

Sign in to participate in the conversation
Mastodon @ SDF

"I appreciate SDF but it's a general-purpose server and the name doesn't make it obvious that it's about art." - Eugen Rochko