Not sure if there is a point to "keep things in Europe" when it come to certificate authority.
- LetsEncrypt don't have the private key tied to your certificate
- Any of the Certificate Authorities could potentially emit unauthorized certificate
Your only protection for all of these problems is HPKP. If you prefer to keep things in Europe, keep that pinned private key in Europe, but the rest doesn't matter.
That said, it's pretty nice that LetsEncrypt forced the ACME protocol on this industry. Not only it create redundancy with mostly interchangeable alternatives but before ACME, there was no way to fully automate certificate provisioning cleanly.
Just to clear up one point -- Let's Encrypt did not at all force ACME on the industry. We deliberately took it to the IETF so that we could get input from more parts of the industry (including some major refactors!). Instead of pressure from Let's Encrypt, I would attribute its success to the open process of the IETF, the awesome open-source community that made great ACME software (shoutout to Matt and Caddy!), and the resulting pressure on CAs for a better user experience from users and customers.
I didn't express myself well but what I meant by force is that by building a standardized to automate way manage certificate, ACME imposed itself and became mandatory.
Previously, most CA had no programmatic way to order certificate, it was all done manually.
As far as I know, the only providers with that would let you automate certificate provisioning at the time where Comodo, GlobalSign and Digicert.
At first none of them were warm at the idea of providing an ACME endpoint. I'm assuming part of it is the cost of implementing it but they probably liked the stickiness of their custom APIs too tied to million dollars contracts.
Nowadays they all implement ACME. At some point, they where effectively forced to implement it to acquire new customers and keep their existing base around because nobody would accept poorly designed custom made protocol anymore.
It was a red herring the entire time. At Shopify we made experiment regarding conversion between regular certs and EV before they stop being displayed and there was no significant difference. The users don't notice the absence of the fancier green lock.
I think the rebuttal to the CEO today is really very simple.
a) How many of the sites you visit everyday have DV and how many have EV certificates?
b) Name any site at all, that you have visited, where your behavior or opinion has changed because of the certificate?
In truth the green-bar thing disappeared on mobile long before desktop (and in some cases it was never present.)
In truth if you polled all the company staff, or crumbs just the people round the boardroom table (probably including the person complaining) a rounding error from 0 could show you how to even determine if a cert was DV or EV.
EV could have an inspector literally visit your place of business, and it would still have no value because EVs are invisible to site visitors.
As someone who live in Quebec this make sense to me and apparently the vast majority of the population. There is more opposition to vaccine mandate to access retail store than taxing the unvaccinated.
I don't think anybody would be surprise to hear that smokers pay a tobacco surcharge for their health insurance in the US.
High pressure from covid patient is causing healthcare system cost to skyrocket. You have the 10% of unvaccinated who are causing for 45% of that load increase.
In a system with universal healthcare system, where everyone pay for the system with taxation, surcharge have to happen with taxes. If a few decide to get vaccinated great but I don't think it's the point. Honestly, they haven't announced the specific but I doubt the tax will be high enough to account for the real healthcare cost of population vaccinated.
Let me rephrase with a quote from the public-key cryptography wiki:
"An attacker who could subvert any single one of those certificate authorities into issuing a certificate for a bogus public key could then mount a "man-in-the-middle" attack as easily as if the certificate scheme were not used at all."
This article is quite interesting but I'm not too sure why the author felt the need for such a pedantic attitude toward the guy from the video. Its presumptuous without adding much to the discussion.
Because Dr. Drang (his pseudonym) has a PhD in civil engineering, and is a practicing Professional Engineer specializing in failure analysis, making him uniquely qualified to comment on such a video's technical shortcomings.
If you follow him, he often includes a delightful amount of sarcasm and snark, enjoyably so.
Apple TV, Amazon Echo/eero, Google Nest are all Thread/Matter hub.
Ikea just started to selling cheap Thread devices. It will soon be mainstream to have IPv6 devices in your home network.