CobrastanJorji 6 hours ago [-]
Let's Encrypt’s mission is to create a more secure and privacy-respecting web, except for people residing in countries with the most need for a more secure and privacy-respecting web. Sure, that's great.
That said, pretty sure this stems from the insane US legal requirement to not export SSL technology to enemy countries. I'm sure some of y'all are old enough to remember when web browsers came in "international friendly" versions that supported 40 bit encryption, or "fancy secure" versions with 128 bit encryption.
jaas 2 hours ago [-]
Let's Encrypt continues to be available to almost every vulnerable population in the world, including those that need it most. I say almost as I'm hesitant to speak in absolutes regarding a topic as complex as this.
Most of our sanctions-related blocks apply only to the governments of certain sanctioned countries, not their general population.
This subscriber agreement update was intended to better reflect our legal requirements. It does not reflect a major change in the service we provide. Our compliance program does evolve over time, and part of that is communicating about it better in our terms of service. It's clear from some of the comments here that we have more work to do to make that text more understandable, we'll work on that.
> That said, pretty sure this stems from the insane US legal requirement to not export SSL technology to enemy countries. I'm sure some of y'all are old enough to remember when web browsers came in "international friendly" versions that supported 40 bit encryption, or "fancy secure" versions with 128 bit encryption.
It doesn't.
notamario 1 hours ago [-]
When you say “our legal requirements” do you mean requirements LE imposes in its agreements or requires imposed on LE by governments?
jaas 1 hours ago [-]
I was referring to the requirements imposed on us. When it comes to sanctions, we do not block anything more than what is required by law.
loloquwowndueo 3 hours ago [-]
I’m actually old enough to remember how PGP code was exported as a book printout because exporting computer code for cryptography with strong keys in digital form was disallowed but a book was fine (protected by first amendment rights). The printout was scanned abroad to reconstitute the source and build pgp legally.
rzerowan 6 hours ago [-]
Seems in all things tech at the moment the US legal system is accelerating a great split and erecting a digital iron curtain, from AI models to the more mundane like TLS certs.
It's been standard for a while for many Linux distros based in the US to toe the party line - like RedHat having notices pretty similar to this one by LE.
Seems any meaningful Open Projects will have to choose what path they want to take, be like RISC-V and relocate or LE and others and enforce the divide.
xxpor 5 hours ago [-]
The RISC-V move was laughable. It’s still US tech, developed largely with DARPA funds.
mschuster91 2 hours ago [-]
So what? If I disagree with the direction any FOSS project (or its maintainers) is taking... I can just fork it. People have done that countless times in the history of FOSS, most notably in the xOffice schism.
wodenokoto 16 minutes ago [-]
> Let's Encrypt’s mission is to create a more secure and privacy-respecting web, except for people residing in countries with the most need for a more secure and privacy-respecting web. Sure, that's great.
If complying with the law gets in the way of the mission I’m not sure that counts as a change to the mission.
bigiain 43 minutes ago [-]
Some (well, at least one) of us are old enough to have owned one of these:
> pretty sure this is stems from the insane US legal requirement to not export SSL technology to enemy countries
This is most likely OFAC. Lets Encrypt could apply for a license to do business with sanctioned entities, and given their use case it would most likely be approved.
OFAC regulates commerce, not speech. Let's Encrypt is not doing "business", they're operating a free informational service. Lots of organizations interpret any information exchange as subject to OFAC regulation, and you and Let's Encrypt have good company in this interpretation, but I think it's unnecessarily ceding ground.
10000truths 2 hours ago [-]
The government may use as wide of an interpretation of commerce as they can get away with. We've seen this happen before [0]. Sure, Let's Encrypt isn't taking money from the entities they offer certificates to. But the OFAC desk jockey assigned to that case only has to concoct some sufficiently plausible-sounding trail of money connecting the backing 501(c)3 and a sanctioned entity in order to levy penalties, and the legal team will not like that risk, even if it's unlikely for OFAC to win on appeal in a court.
This is true, of course, and I understand why some companies don't want to take the risk. But I would hope that Let's Encrypt would take the opposite stance. They were born out of the EFF and have EFF & ACLU board members! These orgs live for this type of legal fight.
tbrownaw 33 minutes ago [-]
Wasn't there news a bit ago about some people being suddenly excluded from Linux kernel development for presumably similar reasons?
bhhaskin 4 hours ago [-]
It could also be an easy way to not have to implement backdoors for the government/military.
lxgr 3 hours ago [-]
What "backdoor" would Let's Encrypt even implement? That's not how a CA works.
They might be compelled to issue a certificate to an unauthorized (by browser PKI policies, not local law) entity, but that would be very conspicuous due to Certificate Transparency.
How would they do that? The ACME protocol is "take the basic artifacts you use for certificate signing, wrap them in JSON (cryptographically, using standard JWS), then send them over using HTTP + TLS." Every part of that is something for which there exists a buttload of implementations in whatever language you care to use.
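Added example (the editor's, not code posted by lxgr and not taken from any ACME client or CA implementation) of the envelope the comment above describes: a JWS protected header carrying alg, nonce, url and the account identifier, a base64url payload, and an ES256 signature over protected.payload, plus the server-side checks that give the nonce and url fields their meaning (RFC 8555 §6.2-6.5). It is Go against the standard library only; the account URL and request URLs in the usage note are placeholders, and the request is one from an already-registered account (header "kid"), not the initial newAccount request that embeds a JWK instead.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"math/big"
)

// base64url without padding, as JWS (RFC 7515) and ACME (RFC 8555) require.
var b64 = base64.RawURLEncoding

// Flattened JWS JSON serialization: the body of every authenticated ACME POST.
type acmeEnvelope struct {
	Protected string `json:"protected"`
	Payload   string `json:"payload"`
	Signature string `json:"signature"`
}

// Protected header of a request from an existing account (RFC 8555 §6.2): "kid"
// is the account URL; only the first request (newAccount) embeds a JWK instead.
type protectedHeader struct {
	Alg   string `json:"alg"`
	Nonce string `json:"nonce"`
	URL   string `json:"url"`
	Kid   string `json:"kid"`
}

func generateAccountKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// signAcmeRequest is the client side; a nil payload is a POST-as-GET (RFC 8555 §6.3).
func signAcmeRequest(key *ecdsa.PrivateKey, kid, nonce, url string, payload []byte) ([]byte, error) {
	hdr, err := json.Marshal(protectedHeader{Alg: "ES256", Nonce: nonce, URL: url, Kid: kid})
	if err != nil {
		return nil, err
	}
	env := acmeEnvelope{Protected: b64.EncodeToString(hdr), Payload: b64.EncodeToString(payload)}
	digest := sha256.Sum256([]byte(env.Protected + "." + env.Payload))
	r, s, err := ecdsa.Sign(rand.Reader, key, digest[:])
	if err != nil {
		return nil, err
	}
	// ES256 signatures are raw r||s, each padded to 32 bytes (RFC 7518 §3.4), not DER.
	env.Signature = b64.EncodeToString(append(r.FillBytes(make([]byte, 32)), s.FillBytes(make([]byte, 32))...))
	return json.Marshal(env)
}

// acmeServer holds registered account keys and the nonces it issued but has not seen spent.
type acmeServer struct {
	accounts     map[string]*ecdsa.PublicKey
	unusedNonces map[string]bool
}

func newAcmeServer() *acmeServer {
	return &acmeServer{accounts: map[string]*ecdsa.PublicKey{}, unusedNonces: map[string]bool{}}
}

func (s *acmeServer) register(kid string, pub *ecdsa.PublicKey) { s.accounts[kid] = pub }

// newNonce is what the Replay-Nonce response header carries in a real exchange.
func (s *acmeServer) newNonce() string {
	buf := make([]byte, 16)
	if _, err := rand.Read(buf); err != nil {
		panic(err)
	}
	n := b64.EncodeToString(buf)
	s.unusedNonces[n] = true
	return n
}

// verify is the server side: alg, URL binding, nonce freshness and account
// lookup are checked, then the signature, and only then is the payload trusted.
func (s *acmeServer) verify(msg []byte, expectedURL string) (*protectedHeader, []byte, error) {
	var env acmeEnvelope
	var hdr protectedHeader
	if err := json.Unmarshal(msg, &env); err != nil {
		return nil, nil, err
	}
	hdrBytes, err := b64.DecodeString(env.Protected)
	if err == nil {
		err = json.Unmarshal(hdrBytes, &hdr)
	}
	if err != nil {
		return nil, nil, err
	}
	pub, known := s.accounts[hdr.Kid]
	sig, sigErr := b64.DecodeString(env.Signature)
	switch {
	case hdr.Alg != "ES256":
		return nil, nil, errors.New("unsupported alg")
	case hdr.URL != expectedURL:
		return nil, nil, errors.New("protected url does not match the request URL")
	case !s.unusedNonces[hdr.Nonce]:
		return nil, nil, errors.New("unknown or replayed nonce")
	case !known:
		return nil, nil, errors.New("unknown account")
	case sigErr != nil || len(sig) != 64:
		return nil, nil, errors.New("malformed signature")
	}
	digest := sha256.Sum256([]byte(env.Protected + "." + env.Payload))
	if !ecdsa.Verify(pub, digest[:], new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:])) {
		return nil, nil, errors.New("signature verification failed")
	}
	delete(s.unusedNonces, hdr.Nonce) // spend the nonce only on a well-formed, signed request
	payload, err := b64.DecodeString(env.Payload)
	return &hdr, payload, err
}
```

Usage: register an account key under a kid such as https://acme.example.test/acct/1, call newNonce, sign a newOrder body with signAcmeRequest, and hand the result to verify with the same URL. Submitting the same message twice, signing for one URL and posting to another, swapping the payload after signing, or signing with a key the server never registered all fail before the payload is read. The pinned algorithm matters: RFC 8555 forbids MAC-based JWS algorithms for exactly the reason the check above refuses anything but ES256, since an HMAC key shared with the server could not prove which client signed.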
throwaway85825 4 hours ago [-]
If you truly need a secure and private web you should be using tor.
Izmaki 3 hours ago [-]
Say what, now?
Anonymity and encrypted communication are two very, very different things. Have one but not the other and you're essentially handing off your private data, incl. passwords, to whoever has a tap on the communication between you and the server. Have the other but not the one and everyone will know who you are, but they can't eavesdrop.
firefax 2 hours ago [-]
I've had people straight up serve me malware when I attempt to OSINT them with Tor. Sometimes you need different kinds of anonymity, and I see a lot of one-size-fits-all proclamations on HN.
idoubtit 18 hours ago [-]
Couldn't LE have a branch in Europe or anywhere outside the USA and its minions?
Because they're betraying their own goals, as stated in their About page: “It is a service run for the public’s benefit. [...] Anyone who owns a domain name can use Let’s Encrypt to obtain a trusted certificate at zero cost. [...] Let’s Encrypt is a joint effort to benefit the community, beyond the control of any one organization.” Now they own that they are under the control of a political organization.
Here is the paragraph Let's Encrypt added to their Subscription Agreement on 2026-06-04:
> You are not a person or entity that is:
> (a) located in, organized under the laws of, or ordinarily resident in any country or territory that is the target of comprehensive U.S. sanctions;
> (b) a prohibited or restricted party under U.S. or other applicable sanctions and export control laws and regulations;
> or (c) owned or controlled by or acting on behalf of anyone described in (a) or (b).
> You agree to use Let’s Encrypt Certificates and any services provided by or on behalf of ISRG in compliance with applicable U.S. export control and sanctions laws and regulations.
cassianoleal 17 hours ago [-]
They could, but if the branch didn’t follow these laws, the main US branch would still be liable.
cromka 16 hours ago [-]
It's about time SOME entities start moving from US entirely.
mikeyouse 8 hours ago [-]
RISC-V Foundation did.. though they go out of their way to talk about it in terms that try not to piss anyone off..
> "Across 2018-2019, the RISC-V community has reflected on the geo-political landscape and we have heard concerns from around the world that investment in RISC-V must come with IP access continuity to ensure a long-term strategic investment. We first mentioned our intentions to move at the December 2018 summit. Incorporation in Switzerland has the effect of calming concerns of political disruption to the open collaboration model. RISC-V International does not maintain any commercial interest in products or services as a non-profit, membership organization. There have not been any export restrictions on RISC-V in the US and we have complied with all US laws. The move does not circumvent any existing restrictions, but rather alleviates uncertainty going forward.
> In March 2020, the RISC-V International Association was incorporated in Switzerland. Along with this, we shifted to a new, more inclusive membership structure. Members of RISC-V International have access to and participate in the development of the RISC-V ISA specification and extensions as well as related hardware and software. RISC-V has a Board of Directors composed of member representatives as well as a Technical Committee of work group leaders."
> RISC-V International has not incorporated in Switzerland based on any one country, company, government, or event. This move is reflective of community concern and managing strategic risk for our community investing in RISC-V for the next 50+ years.
> The IP contributed and produced by RISC-V International is held under industry and global standard licenses that are already open to leverage by any company regardless of jurisdiction. This licensing is a common open source approach to foster collaboration that is not tied to any geographic regulation. IP in the public domain has not been subject to export control.
The RISC-V foundation and related companies also got a bunch of money from Europe. I am not so sure this was about leaving a repressive regime as much as chasing the European "homegrown computing" money.
Tangurena2 2 hours ago [-]
This is part of why the EU is looking to move away from US-based infrastructure. The CLOUD Act basically lets Washington have an off-switch on your computing infrastructure as well as giving Washington unlimited access to any data on your computers (or that passes through them).
naturalmovement 7 hours ago [-]
[flagged]
rafram 8 hours ago [-]
Other countries sanction each other too.
marcosdumay 3 hours ago [-]
They mostly don't.
Or rather, when other countries say "sanctions", they are almost always talking about something completely different than the United States.
cassianoleal 6 hours ago [-]
This is not about countries sanctioning each other. This is the US sanctioning a local company because a foreign company doesn’t follow certain US laws in foreign soil, where such laws don’t apply.
It’s a bit like the US arresting your mom at home in Texas because you ate a baggie of magic truffles in Amsterdam.
rafram 5 hours ago [-]
You're being very vague. Please explain what you mean? I don't see anything here about the US "sanctioning a local company," and I'm not aware of that being possible under US law.
cassianoleal 4 hours ago [-]
Please see my answer to the sibling comment.
cromka 5 hours ago [-]
"Clarifying Lawful Overseas Use of Data (CLOUD) Act."
kube-system 4 hours ago [-]
The way you are using these words seems to indicate you might be confused about how this works.
The US has not "sanctioned" LetsEncrypt or ISRG. The US sanctions foreign entities as punishment for various reasons precisely because they are not subject to US law. That's the entire point of leveraging a sanction -- to pressure those outside of your legal jurisdiction. If they were in your jurisdiction, you'd simply arrest them.
People and organizations basically anywhere are not permitted to do business with anyone your country has sanctioned. Anyone who does business internationally should be aware of their country's sanctioned list. That applies no matter where you live on the planet.
cassianoleal 4 hours ago [-]
This is not that though.
This is literally about a company that has a branch in the USA and another branch in another country, where it's bound by that country's laws. If the foreign entity which just so happens to be commercially linked to the one in the USA has any dealings with countries sanctioned by the US, the US branch is punished.
There was a case a few years ago where a public University in Brazil bought lab computers from Dell Brasil. Dell Brasil is a subsidiary of Dell, but it's 100% incorporated in Brazil, the computers were manufactured in Brazil, everything following Brazilian law. The computers were delivered with terms of service that prohibited them from being used for any dealings with US-sanctioned countries such as Iran and Cuba. The University was caught by surprise and questioned it, since they had many academic links with Cuban Universities, and Dell Brasil explained that.
I don't know how the whole ordeal ended. The Brazilian Federal Government got involved, I believe the Ministry of Exterior and the Ministry of Commerce and Industry both got involved and were at one point going to sue Dell Brasil. I suspect it ended with the University returning the computers and purchasing from another supplier.
The suggestion that Let's Encrypt could work around US sanctions by opening a branch in the EU falls under similar conditions, and the US branch would be liable if the EU subsidiary had dealings with US-sanctioned countries.
kube-system 4 hours ago [-]
Incorporating a subsidiary in a foreign country doesn't make the parent company immune to the legal obligations it has in its home country. It would be absurd if that were the case. Sometimes people try setting up subsidiaries overseas to hide their evasion of the law, but it is illegal to do so.
lmm 2 hours ago [-]
> Incorporating a subsidiary in a foreign country doesn't make the parent company immune to the legal obligations it has in it's home country.
We're not talking about legal obligations in its home country though. I can buy Jack Daniels at age 19 in my country from their local subsidiary, and no-one thinks that this should be a crime for their US parent company because the US drinking age is higher. (Of course it would be a crime for either the parent or the subsidiary to sell to 19 year olds in the US)
(No-one is blaming Dell or Let's Encrypt here, to be clear, it's the US' excessive extraterritorial laws that are the problem)
kube-system 2 hours ago [-]
If you are in the US you must ensure that your local company, and any sub-entity you control abroad, complies with sanctions law. That is US law, and the US can apply that law to Dell the parent company, because it is in the US and controls the subsidiary.
> I can buy Jack Daniels at age 19 in my country from their local subsidiary, and no-one thinks that this should be a crime for their US parent company because the US drinking age is higher.
Because there is no US law that says you cannot sell alcohol to people abroad under 19. Heck, there's no US federal law that says Jack Daniels can't sell to people in the US under 19, either. And in fact, there are some places in the US where you can legally drink at 18, e.g. Puerto Rico. But if the US congress wanted to pass one of these laws and enforce it, it could.
lmm 2 hours ago [-]
US sanctions law saying that you must not transfer X from the US to Iran, directly or indirectly, is reasonable. US sanctions law saying that you must not transfer X from Brazil to Iran is gross overreach. Yes, of course the US can apply its absurdly extraterritorial laws to any parent company in the US, just as Iran could penalise any Iranian company whose US subsidiary distributed a depiction of the prophet or whatever, but that doesn't make it good law or good practice.
kube-system 2 hours ago [-]
That's a fair opinion to have.
But the US isn't really unique in applying their laws extraterritorially. See GDPR, Universal jurisdiction laws, China's National Security Law, etc... Every jurisdiction with sizable power does it. Some of these are even more extraterritorial in scope than US sanctions are.
cassianoleal 3 hours ago [-]
You may call it a subsidiary all you want, but it's still a company that's wholly incorporated in foreign soil, doing business in foreign soil.
At least in Brazil, companies that operate there must obey local laws. What happens when those laws are in contradiction with US laws, like in the example I cited? Is Brazil supposed to cave? Is Brazil supposed to keep fining Dell Brasil until it folds? Maybe prosecute Dell Brasil's directors for actively and repeatedly disregarding the law and fines?
How does that work on a global scale?
I'll say again, this is not about a US company opening a foreign subsidiary to do things in the US that are forbidden in the US. This is about a company incorporated abroad having to follow US laws while operating wholly abroad. This is a breach of sovereignty however you look at it.
kube-system 2 hours ago [-]
It is plainly routine for a company to have to deal with multiple legal jurisdictions at a time.
Yes, sometimes this causes compliance complication. This isn't unusual, it happens frequently.
Ultimately, every government exercises the laws of their country as they see fit, using the enforcement tools they have available to them. These rules often extend outside of their borders and apply to foreign or partially-foreign entities depending on the situation. The only limits on this are the practical means of enforcing it.
Dell Brazil would have been subject to Cuba sanctions because it was controlled by the US parent company. The US has obvious jurisdiction over Dell Technologies the parent company, and the nexus to enforce it.
Nothing you are describing is even remotely unique to the US. No country is going to let you set up a foreign subsidiary to launder goods around sanctions law. If they did, everyone would do that and nobody would ever follow sanctions.
drstewart 2 hours ago [-]
Ah, so it would be like the EU fining a US based company for not following certain GDPR laws even if they don't have a presence in the EU? Definitely would never happen!
mfuzzey 5 hours ago [-]
Just close down completely in the US and move to the EU
kube-system 4 hours ago [-]
And then what? Be subject to similar sanctions from a different governing body?
Why, so they can be forced to enforce content restrictions on any provider that wants an SSL restriction?
throw-the-towel 2 hours ago [-]
It shouldn't be located in Europe (because, as you said, US minions are no better than the US itself). Instead it should move to a neutral country, somewhere like Singapore or Uruguay.
hparadiz 2 hours ago [-]
Suddenly the idea of having a CA hosted in space on a satellite issuing certs seems like a good idea.
eqvinox 46 minutes ago [-]
You're assuming that satellites are exterritorial. They aren't, they're ab initio the launching state's property and responsibility, barring other agreements to transfer them - and getting one out into a "legal void" isn't going to be trivial.
hparadiz 31 minutes ago [-]
Over the centuries I am sure there will be random satellites that are defunct that will be hacked or otherwise "taken over" by someone with the right skills. These things are tiny compared to the distances involved and in the future you might end up using them as data reservoirs since in many cases it will be cost prohibitive for any authority to go collect or otherwise stake authority over an old piece of hardware considered junked.
vova_hn2 33 minutes ago [-]
A ship in international waters with satellite internet connection would be much cheaper, except it runs into the same problems as described by the sibling comment: https://news.ycombinator.com/item?id=48469397
hparadiz 27 minutes ago [-]
You don't get 1,361 W/m² of continuous free energy when you're Earth bound and all those pesky water molecules.
vova_hn2 12 minutes ago [-]
> free energy
It is free only if you ignore the cost of getting the thing into the orbit in the first place.
Edit: also, AFAIK, normal microchips (without special radiation hardening) don't last that long in space
throw-the-towel 2 hours ago [-]
New startup idea: Starlink for TLS.
belorn 4 hours ago [-]
Let's Encrypt is not some code or even a company that you can split into different branches. Their existence is one based on trust relations that Let's Encrypt has with browsers and operating systems. It is in one part similar to both domain names and IP address space, in that the technical aspects of creating alternative roots are almost trivial in comparison to getting the trust that is required for an alternative root to be accepted by the rest of the world.
Let's say someone created a Russian Let's Encrypt. It has all the technical aspects of regular LE in that you can request a certificate and get one through an ACME challenge. That is all great and all, but no browser will recognize it as valid. No operating system will recognize it as valid. The Russian state might add the new LE as valid for government computers, but the real work would be to get any other participants in the world to do the same. The issue is not a technical one but rather a social one that is built on trust.
When Russia invaded Ukraine there was a major discussion if IANA/ICANN should have disconnected Russia from domain names and IP addresses. That discussion ended on a decision to not do that because the symbolic benefit was deemed minor compared to the harm to the system at large, especially once the war ends. If you got two roots, then a domain name or IP address can now suddenly have two locations, and it would be a massive pain to try to fix it even if people wanted to fix it. Certificate Authorities do not share this trait since there can be an almost unlimited number of roots and none of them can conflict with each other (assuming no hash collision). If Russia spins up a new CA then people can use that one today if they want to, and they can continue to do so after the war has ended.
PunchyHamster 5 hours ago [-]
A completely independent entity would be a far better option. The protocol is open after all; you just need to point to a different vendor.
Insimwytim 7 hours ago [-]
Iran is blocking internet for months, US ...bans creation of secure connections - that'll show 'em!
Russian quasi-government structures are spending quadrillions of rubles on a TSPU (censorship system) to spy on Russian residents, US ...helps them by making snooping on what is currently encrypted traffic possible by banning accessible encryption!
jaas 6 hours ago [-]
Let's Encrypt certificates continue to be available in both Iran and Russia, just not for the Iranian and Russian governments.
The terms of service update, which clarifies what we have always done (comply with relevant law), has not changed the situation for either country.
joshuaissac 6 hours ago [-]
> Let's Encrypt certificates continue to be available in both Iran and Russia, just not for the Iranian and Russian governments.
> (a) located in, organized under the laws of, or ordinarily resident in any country or territory that is the target of comprehensive U.S. sanctions;
> [other 'or' conditions]
jaas 4 hours ago [-]
Sanctions compliance is unfortunately fairly complex.
Let's Encrypt can issue certificates for non-government entities in Iran and Russia due to statutory exemptions protecting personal communications, alongside specific Office of Foreign Assets Control (OFAC) authorizations designed to promote Internet freedom and human rights.
We will look into whether we can make things more easily understandable in the subscriber agreement.
lioeters 5 hours ago [-]
I wonder what "ordinarily resident" means legally. Like has a permanent address there, even if they don't live there physically..?
Hundredth0006 4 hours ago [-]
Yes. If you are, for example, even a US citizen, permanently living in Crimea, you are still subject to limitations imposed by sanctions.
john_strinlai 5 hours ago [-]
you should update the documents to reflect this stance.
"You are not a person or entity that is: (a) located in, organized under the laws of, or ordinarily resident in any country or territory that is the target of comprehensive U.S. sanctions; "
this says nothing (edit: specific) about government (edit: only), and is applicable to normal people in those areas.
joemi 5 hours ago [-]
A government falls under "entity". So it's about normal people AND governments (and other entities).
Still needs updating if it's supposed to only apply to governments, though.
saeedesmaili 3 hours ago [-]
[Iranian here]
Completely agreed. Reminds me of how US banned citizens and businesses in Iran from using cloud infrastructure like AWS or digital ocean, leading to people and businesses moving to the government-sponsored local cloud services, and that made it super easy for the government to block internet access whenever they want without essential services like banking, ecommerce, online taxi booking, food delivery etc being disrupted.
gnerd00 7 hours ago [-]
wait until you find out about Facebook!
axiologist 14 hours ago [-]
This somehow confirms my gut feeling that digital certificates are mainly a means to enforce exclusion on behalf of the certificate authority ownership.
It is a tool to prevent people from taking full ownership and control of whatever is affected by digital certificates, be it software, firmware, hardware, or as in this case SSL/TLS.
That's digital tyranny in disguise.
belorn 6 hours ago [-]
While it seems like the certificate authority has the primary control here, the real control lies in browsers and operating systems in which certificate authorities are trusted. Users also have, at least for the moment, control to add or remove certificate authorities, even if that control is slightly less clear for devices like smart phones.
Digital certificates that sign software packages are used to enforce exclusion by some manufacturers. Let's Encrypt is not in that space to my knowledge, but it is a place where you the owner do not have the right to determine which certificate authority should be trusted, and generally the only one that is trusted is the manufacturer. It's arguable if we even should be calling such entities a certificate authority, even if they technically are the owner of the root certificate that signs the package.
MarleTangible 14 hours ago [-]
I always saw it as a trust chain and think that anyone is welcome to create a root certificate and distribute it to whomever trusts them. Most simple services may not need TLS, but with the ISPs eavesdropping on our communication, a form of secure communication is required and the currently best solution we have requires a trust chain to be built.
lesostep 5 hours ago [-]
The problem is that finding a root source of trust isn't easy these days. LE was neutral, now nobody is.
Russian government issued their new root certificate years ago.
Nobody trusted it enough to request a certificate from them or install it on their computers. Including almost all of the Russian residents.
If Let's Encrypt enforces the rules, as written in pdf, a lot of people would lose a choice.
Frankly, even publishing a statement like that would make the scales of trust tip for some.
happosai 6 hours ago [-]
It is such a great improvement that ISPs cannot eavesdrop on us anymore... only for everyone to terminate TLS at Cloudflare so they (and thus the US government) can now eavesdrop on everyone.
Parodper 10 hours ago [-]
We could, and should, switch to DANE. Or else, switch to how X.509 was supposed to be used, with each country running a CA for their nationals.
theamk 9 hours ago [-]
I trust governments much less than a conglomerate of competing corporations.
With all the problems with Web PKI, at least the bad actors are getting distrusted, and this provides a very strong enforcement on the rest. And Certificate Transparency makes sure the mis-issuance would be caught. It is not perfect by any means, but things are getting better.
With DANE (or other country-issued certificates), every government will absolutely double-issue certificates to police, secret service and friends of government, and no one will have any recourse. (In the past I'd say that only countries like Russia would do it.. but with today's climate, I am sure both US and many European countries will do that too)
toast0 3 hours ago [-]
I'm not really in favor of DANE, because DNSSEC is such a mess ... but.
Certificate transparency is nice. Browsers could require it for DANE certificates, just like they require it for current Web PKI certificates.
The people controlling the TLD of interest can exert control over the domain of interest in order to issue a DANE certificate. But they can also exert control over the domain of interest in order to request a domain control certificate, so widespread use of DANE wouldn't add any new adversaries. If DNSSEC wasn't a mess, and DANE replaced WebPKI, we would eliminate the risk from CAs without adding a new risk --- TLDs (and the DNS root) are existing risks.
xorcist 1 hours ago [-]
> I trust governments much less than a conglomerate of competing corporations
Let's not create a world wide PKI based on a political ideology.
> country-issued certificates [...] every government will absolutely double-issue certificates
This is such a strange argument. If you register a .ru domain, do you really think you are safe should the Russian intelligence services ask for a valid certificate? Controlling the actual domain, they could issue as many domain validated certificates as they wish.
The problem with our current SSL PKI, as so very many people have pointed out over the years, is that any CA is allowed to issue valid certificates for any domain name. There have been proposals to use X.509 extensions to remedy this, but they have seen lesser real world usage than the various certificate revocation schemes, which is very close to zero already.
If there was no way for a Russian CA to issue certificates for .us domains, real world security would improve. A lot. And the other way around, of course.
Feel free to s/Russian/Chinese/ in the above argument or whatever tickles your geopolitical fancies. The argument still stands.
Domain registries decide who owns what domain. That is their literal role. You would think that asserting this ownership cryptographically would be a no-brainer in 2026. Yet we have this discussion over and over again. There are many people whose income quite literally depends on the status quo of our global SSL PKI, which coincidentally also offers no end of possibilities for the various intelligence services around the world.
The next time someone tries to scare you with that governments or intelligence services control DNS and therefore it would be crazy to limit issuance of certificates to them, take a look where they have contracts.
Parodper 8 hours ago [-]
> every government will absolutely double-issue certificates to police, secret service and friends of government, and no one will have any recourse.
Countries already have CA that issue certificates with more legal force than a handwritten signature. I can open a bank account, pay my taxes and sign up to all government services. But I can't use them for a webpage.
> With DANE (or other country-issued certificates)
DANE isn't a country-issued certificate. It's a scheme where you store your public keys on DNS records. Of course, now we have the issue that DNSSEC (signed DNS records) isn't widespread and the whole issue with DNS registries.
theamk 4 hours ago [-]
DANE is entirely dependent on DNSSEC, and DNSSEC is, by design, under the government control, with all the bureaucratic mess and mistakes this implies.
This would be pretty terrible if anyone actually cared about DNSSEC, but luckily for us, no one cares.. So let's keep things this way.
Parodper 2 hours ago [-]
You obviously don't know how DNSSEC works. The DNS root of trust is ICANN, not a government.
gopher_space 4 hours ago [-]
> I trust governments much less that a conglomerate of competing corporations.
There’s no essential difference between the two from my perspective. Why are these my only choices?
Parodper 2 hours ago [-]
What other choices are there?
An international body might work, or just move the issue one step back.
r-w 4 hours ago [-]
One, in a democracy, is accountable to adults in the same jurisdiction. The other is only accountable to those with financial ties to its success.
coldtea 3 hours ago [-]
>One, in a democracy, is accountable to adults in the same jurisdiction
Or so they say. How's that been working out in practice?
Parodper 2 hours ago [-]
Pretty well, in my experience.
coldtea 2 hours ago [-]
Yeah, that's why most countries in the EU, as well as the US, are in huge disarray, politicians have all-time low approvals, people vote for something and get the opposite, and the economy and social climate turned to shit...
I guess one doing well enough can be oblivious to all this...
account42 9 hours ago [-]
Pretty much any big government has a CA they can exert direct control over whenever needed.
theamk 9 hours ago [-]
Maybe, but then they can only do it once. Then they get caught, and their CA is distrusted. See DigiNotar [0] for example.
And things have only gotten better since - we now have CT logs, and browsers require them, so any mis-issuance can be detected automatically, by any interested third party.
If we go to DANE, we lose this all. "Oops, our CT uploader process failed, we will fix Real Soon(tm) we promise" - and what are browsers going to do? Distrust the entire country?
Side note: “DigiNotar BV was a Dutch certificate authority from 1998 to 2011. It was acquired in January 2011 by VASCO and subsequently declared bankrupt in September of the same year” [1].
I didn’t realize they slapped their face on the pavement right after being acquired.
The Dutch government didn't exercise control over Diginotar.
In the Dutch hacker scene, Diginotar was a meme. Everyone knew it was a mess there.
thaumasiotes 7 hours ago [-]
> I always saw it as a trust-chain and think that anyone is welcomed to create a root certificate and distribute it to whomever trusts them.
Note that phones already try to prevent you from using a certificate that you provide yourself.
fluoridation 2 hours ago [-]
"Try to prevent"? What does that mean?
account42 9 hours ago [-]
Do we also need to put all our letters into strongboxes before we send them?
Maybe we should have solved the ISP snooping problem by making that illegal instead.
lxgr 3 hours ago [-]
> Do we also need to put all our letters into strongboxes before we send them?
If it were as cheap and efficient as TLS these days, yes, absolutely
> Maybe we should have solve the ISP snooping problem by making that illegal instead.
We could do both! ISP snooping is still a problem for metadata (SNI).
theamk 8 hours ago [-]
This just leaves every single public Wifi network - which used to mess with traffic a lot
cyanydeez 8 hours ago [-]
Guys, we live in a society.
kube-system 4 hours ago [-]
The entire point of a trust model is to exclude people. That's the stated goal.
If you want encryption without trust, just use self-signed certs.
lxgr 3 hours ago [-]
If you don't care about who you're talking to, why use certificates at all?
13415 4 hours ago [-]
The problem is that the current trust model is totally untrustworthy.
kube-system 3 hours ago [-]
Philosophically, trust isn't a "solvable" problem. It can only be mitigated to varying degrees. However, some degree of trust is probably better than none.
13415 3 hours ago [-]
One thing is sure, pinning trust on trust chains down from Root Certificate Authorities is fundamentally incompatible with our notion of trust and an almost absurd idea to start with. Most people using a browser don't even know any person from such an organization nor would or should they have any rational reason to trust them.
kube-system 2 hours ago [-]
> our notion of trust
I suspect I may have a different notion of trust than you
> Most people using a browser don't even know any person from such an organization nor would or should they have any rational reason to trust them.
Back up one step further -- most people using a browser don't understand the problem set we're talking about even exists
palmotea 10 hours ago [-]
> This somehow confirms my gut feeling that digital certificates are mainly a means to enforce exclusion on behalf of the certificate authority ownership. It is a tool to prevent people from taking full ownership and control of whatever is affected by digital certificates, be it software, firmware, hardware, or as in this case SSL/TLS. That's digital tyranny in disguise.
I think the "digital tyranny" is a side effect, not the main goal. They're "mainly a means" to prevent certain kinds of MITM attacks.
watwut 6 hours ago [-]
I always thought the main goal was to force people to pay money for certificates.
ekr____ 5 hours ago [-]
Let's Encrypt certificates are free.
account42 9 hours ago [-]
You could do that with a much saner approach like DANE.
franga2000 9 hours ago [-]
Not back when SSL and the PKI ecosystem was developed.
Igrom 16 hours ago [-]
It seems that, as soon as you transact with a sanctioned entity, you are globally in breach of the agreement and risking the revocation of all your certificates — also the ones for non-sanctioned countries.
Front matter:
- it is called a "Subscriber Agreement" and not anything that suggests that its scope is a single certificate
- it's a "contract [...] regarding Your [...] rights and duties relating to [...] Certificates" - plural
2.1 "Term":
- "[the agreement] will remain in force during the entire period during which *any* of Your Certificates are valid" - plural
3.1 "Warranties":
- "[by] requesting, accepting, or using *a* Let’s Encrypt Certificate" - plural
rerdavies 4 hours ago [-]
Is this actually new? Looks like a standard US export restriction for encryption technology to me. These sorts of restrictions have been around since the '90s.
Let's Encrypt becomes subject to US export restrictions on cryptography if they are a US company, or if they post anything to github or post anything to major app stores. Every app I have ever posted to Google Play has had to submit a form to the US government declaring what use they make of cryptography.
These restrictions have been in force since the late 1950s (with a long and complicated history with respect to computer cryptography). This particular text looks like a boilerplate restriction, that's required to comply with US EAR export requirements to me.
fluoridation 2 hours ago [-]
A certificate is not cryptography, though, it's a number. The entity requesting the certificate already has the cryptographic software installed on their servers, as do the clients trying to connect to them. There's nothing technologically special about the number, it's all in the realm of the social contract, in that it has been blessed by a chain of trust.
lmm 2 hours ago [-]
Organisations that are serious about promoting privacy should have been avoiding the US since the '90s and/or '50s, but the second best time to reincorporate in a safe jurisdiction is today.
guhcampos 41 minutes ago [-]
The title was a bit misleading.
When I read it, I interpreted it as "let's encrypt bans certificate usage in - any territories endorsed by the US". Took me reading a couple comments to understand it actually meant "territories under US sanctions".
m2f2 19 hours ago [-]
Is this a canary?
What's gonna happen if I were to begin or continue using one letsencrypt certificate from ... Greenland? Cuba? The EU?
Has letsencrypt been served with a subpoena?
tialaramex 5 hours ago [-]
> Has letsencrypt been served with a subpoena?
While it's certainly possible that ISRG has been served a subpoena because it appears the US DOJ is now a mix of hacks and incompetent buffoons, it wouldn't matter because the whole point is that they don't know anything - what you told them is literally logged publicly for everybody to see without even knowing how to spell "subpoena" let alone issue one.
Some people have this insane idea that somehow the CA has some secret which either they minted and sent to the CA, or the CA minted and gave them a copy and so the US government could get this secret with a subpoena - but the whole fucking point of a Public Key Infrastructure is that we're using Public Key Encryption, if we were OK with everybody having secrets all over the place this entire thing wouldn't be needed.
toast0 3 hours ago [-]
> Some people have this insane idea that somehow the CA has some secret which either they minted and sent to the CA, or the CA minted and gave them a copy and so the US government could get this secret with a subpoena
LetsEncrypt certainly doesn't, but I've seen certificate storefronts that generate the key on their side and provide you the key and the certificate, so you don't have to figure out how to generate a key.
basilikum 5 hours ago [-]
They have the secret of the private keys used to sign certificates.
Looking at LavaBit^1 I really would not be so comfortable. The world and especially the US has not gotten more free since then.
They could mint certificates, for / about any name. But, those certificates won't work in popular applications unless the certificates include proof of logging.
So to be effective this means a hypothetical bad actor (maybe the US government or anybody else) issues bogus certificates, then either logs them - making a permanent record for everybody to see, or also subverts two or more logs, so that they issue bogus proofs.
This is a very expensive one shot attack on whatever the target would be, I guess it's not stupider than "Let's bomb Iran for no good reason" but it's up there.
basilikum 4 hours ago [-]
For the vast majority of cases, would anyone notice these malicious certificates being created and logged?
toast0 3 hours ago [-]
I don't subscribe for my personal domains, because who cares, but when I was in charge of certificates for something important I subscribed to notifications from several providers to make sure I didn't miss anything.
I would like to think at least all the high profile destinations have someone watching.
tialaramex 4 hours ago [-]
What constitutes the "vast majority" ? Periodically I check mine, and I sometimes have reason to check others, I no longer run my own log auditing (I did when I worked somewhere else because it was close to my main field of interest) but other people do.
basilikum 3 hours ago [-]
How can you check other people's certs? How do you know whether a cert issued is authorized by them or not?
The only one who can check for maliciously published certs is the entity authorized to request them. I think most companies are happy when they manage to have valid, not expired certs and do not care too much about making sure there are not too many of them.
You are right that if the state would start issuing malicious certs en masse that would be found out quickly. But I think very targeted selected operations against entities where they know the entity is unlikely to surveil for unauthorized certs are very much possible.
I'm not arguing for going into conspiratorial thinking and claiming CAs are all compromised and issuing malicious certs all the time. But I do think that it is feasible for states to use CAs under their direct or indirect control to run targeted attacks. I think that is a plausible, serious risk that we do not care enough about and that we should do something about. There is a multitude of precedents, starting from LavaBit over the wiretapping of jabber.ru^1, ANOM^2 to CryptoAG^3, that supports this conclusion.
If there's a competent admin or it's just entirely autopilot for some huge generic host you'll see a very boring pattern where there's a cert and then as it gets close to expiring a new cert is issued, e.g. 4-5 days before it expires, or on a Tuesday at about 8am, or whatever - and sure enough you'll see the same pattern in the cert presented when you access their web site.
In these cases it's really obvious if there's anything weird going on. You're correct that we can't know, as a third party why there's something weird. Maybe the server was being replaced and the new server just installed an ACME client and got itself a new cert last Tuesday even though the previous one doesn't expire for weeks. But if there was nothing we don't even need to ask anybody what's up - nothing is.
IMNSHO The statistics don't really work for targeted attacks. The odds you'll get away with it are unknowable and you only have to get unlucky once.
8organicbits 31 minutes ago [-]
> How can you check other people's certs?
There are red flags you can look for, but you need to confirm with the domain owner to be sure. CAA records can tell you what CAs are supposed to issue a certificate. Many companies always use the same CA, so a change to a different one could be suspect.
For the wiretapping scenario, domain verified certificates do not protect against that scenario. If the wiretap has full control of your server's network, then it can issue a certificate of its own. No need to compromise a CA.
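The two checks discussed above (CAA records saying which CAs may issue, and watching CT entries for an unexpected CA or an out-of-pattern renewal) as one added example; this is not code from the thread or from any CA, and it runs over constructed data: a made-up zone with CAA records, made-up CT entries, and an assumed 14-day "normal renewal window" heuristic. A real monitor would pull entries from a log or an aggregator instead of the inline list, and, as the comment above notes, a flag is a red flag to confirm with the domain owner, not proof of mis-issuance.

```python
"""Added example (not from the thread): CAA evaluation per RFC 8659 plus a
simple CT-log monitoring heuristic, run over constructed data."""
from datetime import datetime, timedelta

KNOWN_TAGS = {"issue", "issuewild", "iodef"}

# Constructed zone data: owner name -> list of (flags, tag, value) CAA records.
# Flag 128 marks a record critical; an unknown critical tag means "do not issue".
ZONE = {
    "example.com.": [(0, "issue", "letsencrypt.org"), (0, "issuewild", ";")],
    "locked.example.": [(128, "mystery", "unknown-property")],
}


def relevant_caa(name, zone):
    """RFC 8659 section 3: walk from the name toward the root and use the
    first CAA RRset found. No RRset anywhere means no restriction."""
    labels = name.rstrip(".").split(".")
    for i in range(len(labels)):
        rrset = zone.get(".".join(labels[i:]) + ".")
        if rrset:
            return rrset
    return []


def caa_permits(name, issuer_domain, zone):
    """True if the CA identified by issuer_domain may issue for name.
    Wildcard names use issuewild when present, otherwise issue."""
    wildcard = name.startswith("*.")
    base = name[2:] if wildcard else name
    rrset = relevant_caa(base, zone)
    if any(flags & 128 and tag not in KNOWN_TAGS for flags, tag, _v in rrset):
        return False
    tag = "issue"
    if wildcard and any(t == "issuewild" for _f, t, _v in rrset):
        tag = "issuewild"
    relevant = [value for _f, t, value in rrset if t == tag]
    if not relevant:
        return True
    # Value is "<issuer-domain>[; parameters]"; a bare ";" means nobody may issue.
    allowed = {v.split(";", 1)[0].strip() for v in relevant}
    return issuer_domain in allowed


# Constructed CT entries (not real log data):
# (subject, issuing CA's CAA identity, not_before, not_after)
CT_ENTRIES = [
    ("www.example.com", "letsencrypt.org", "2025-01-01", "2025-03-31"),
    ("www.example.com", "letsencrypt.org", "2025-03-27", "2025-06-25"),  # routine renewal
    ("www.example.com", "letsencrypt.org", "2025-04-10", "2025-07-09"),  # 76 days early
    ("www.example.com", "othercert.example", "2025-04-12", "2025-07-11"),  # CAA forbids
]


def flag_suspicious(entries, name, zone, renew_window_days=14):
    """Flag entries whose issuer violates CAA, or that were issued while the
    newest earlier certificate still had more than renew_window_days left.
    The window is an assumed heuristic, not a standard value."""
    findings = []
    latest_expiry = None
    for subject, issuer, not_before, not_after in sorted(
        (e for e in entries if e[0] == name), key=lambda e: e[2]
    ):
        nb = datetime.fromisoformat(not_before)
        na = datetime.fromisoformat(not_after)
        if not caa_permits(subject, issuer, zone):
            findings.append((not_before, issuer, "issuer not permitted by CAA"))
        if latest_expiry is not None:
            early = latest_expiry - nb
            if early > timedelta(days=renew_window_days):
                findings.append((not_before, issuer,
                                 f"issued {early.days} days before previous cert expired"))
        latest_expiry = na if latest_expiry is None else max(latest_expiry, na)
    return findings


if __name__ == "__main__":
    for finding in flag_suspicious(CT_ENTRIES, "www.example.com", ZONE):
        print(*finding)
```

The CAA function is the check a CA is required to perform at issuance time; a third party can re-run it against the issuer named in each CT entry, which is why a CA change is a cheap signal to look for. The renewal-window check encodes the "boring pattern" described above: routine automation renews shortly before expiry, so a fresh certificate appearing months early is worth a question even when the issuer is the expected one.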
nickf 3 hours ago [-]
For any target of sufficient value that a government would do that, yes.
Of course it doesn't happen anyway, because governments don't have some kind of secret access to CAs.
rafram 8 hours ago [-]
Neither Greenland nor the EU has been sanctioned by the US.
piskov 5 hours ago [-]
Have you heard about the judge from international court or whatever it is called?
Are you saying the ICC is the EU? Or that it's Greenland?
nitwit005 8 hours ago [-]
They haven't been sanctioned, yet, but we live in a time where that's a real possibility.
_ache_ 8 hours ago [-]
Yet.
malfist 8 hours ago [-]
So far
7 hours ago [-]
tempfile 8 hours ago [-]
It is not exactly an outlandish suggestion that this may happen.
VortexLain 6 hours ago [-]
Now this is very bad, as bad as it can get. As soon as all local services will stop working in sanctioned countries, those countries' governments will force all users to either install a root certificate or lose access to all local services and websites. And then it will be possible to use that root certificate for MITM attacks. In the worst case scenario, after the majority of users will install the root certificate, state DPIs will MITM all traffic and will block all un-MITMable traffic.
yurish 5 hours ago [-]
Don't understand why you have been downvoted. The Russian government has already attempted to push forward their root certificate for banking using Yandex browser, now this.
jldugger 2 hours ago [-]
Took me a minute to parse the headline -- Sanctioned as as in "imposed penalty" (ie "sanctions"), not as in dictionary definition #2 "official permission or approval".
Perhaps because "US territories" are a thing, perhaps because it's way more newsworthy if LE bans the US, or perhaps I'm just a dummy.
mrweasel 5 hours ago [-]
This should be one of those things that should be a quick EU win.
Running Let's Encrypt is $3-4mill a year, the EU probably uses that on pencils.
The EU could easily bootstrap a Let's Encrypt competitor if it truly cared about removing dependencies on US based entities.
zajio1am 5 hours ago [-]
Yes, but EU would have to convince Google and Apple to get a new root certificate to browsers.
toast0 3 hours ago [-]
Not really. They just have to convince an existing CA that cross-signing their CA won't make Google and Apple mad.
Cross-signed roots are common. Just takes money and maybe audits, but it's the same audit they'd need to get in the browser root stores anyway.
xxpor 5 hours ago [-]
Do you really think the EU wants to sign up for PR that’s essentially “the US is being too mean to Russia” right now?
flumpcakes 4 hours ago [-]
I think the EU should do it regardless of Russia. The EU should invest in its own technology and not depend so much on an increasingly undependable ally.
cyounkins 4 hours ago [-]
Gotta love the word 'sanction'. It is its own antonym!
"The committee sanctioned the new policy." (approved it)
"The committee sanctioned the rogue nation." (penalized it)
lmm 2 hours ago [-]
There are many autoantonyms in traditional English, e.g. cleave.
wnevets 7 hours ago [-]
Maybe consolidating ~60% of the web's certificates on to a single provider was a mistake.
patmorgan23 7 hours ago [-]
Well good thing everyone using the provider is using an open protocol and it's stupid easy to switch
wnevets 6 hours ago [-]
Which free CA should I use instead of lets encrypt that has same browser support?
I mean really, if you use lets encrypt for anything that runs in a production environment, the responsible thing to do is build a fallback to switch to another provider in case LE has a bad day (or hits a brick wall and needs to say, enforce export restrictions).
daneel_w 6 hours ago [-]
Worth noting that Actalis requires you to register an account with them in order to acquire the necessary authorization token for their ACME API. This poses a privacy/anonymity issue for some users. Last I checked, Actalis' free tier didn't support SAN either.
Add.: I created an account just now to see "what's what" and also found the notice, "Activate your free 90 days certificates. At the end of the free year, the services associated with the certificates will expire." which sort of sounds like it's just a 1-year free trial.
gruez 6 hours ago [-]
ZeroSSL / BuyPass
ygjb 6 hours ago [-]
Buypass no longer issues TLS certs since last year.
pratyahava 6 hours ago [-]
can you please suggest any alternatives to switch to? i hardly can find any alternative which provides free service and is a non-profit org at the same time.
karteum 13 hours ago [-]
Can anyone explain me what went wrong with http://www.cacert.org/ and why they are not supported by any major browser ?
em-bee 11 hours ago [-]
the wikipedia page has links to projects that removed CAcert where reasons are stated. the main one being that CAcert didn't complete a security audit or because they were not yet accepted by mozilla (because of the lack of an audit, but also because CAcert actually withdrew the request to be included). one group removed it because CAcert has a strict root redistribution license that they can't follow.
> You are not a person or entity that is: (a) located in, organized under the laws of, or ordinarily resident in any country or territory that is the target of comprehensive U.S. sanctions; (b) a prohibited or restricted party under U.S. or other applicable sanctions and export control laws and regulations;
or (c) owned or controlled by or acting on behalf of anyone described in (a) or (b). You agree to use Let’s Encrypt Certificates and any services provided by or on behalf of ISRG in compliance with applicable U.S. export control and sanctions laws and regulations
theamk 1 days ago [-]
Makes sense, they are US company. I am surprised it took them that long.
rwmj 17 hours ago [-]
"US company must obey US law" doesn't make for a very interesting headline.
ceeam 14 hours ago [-]
"The world should stop trusting the US companies" OTOH...
cyanydeez 8 hours ago [-]
more optimistic would be "World should decentralize America's trust"
ohmg 14 hours ago [-]
The headline is more « US law is batshit and extends well beyond its borders with real world consequences »
pavon 7 hours ago [-]
This is not an example of that. It is perfectly within US jurisdiction to prevent US companies from doing business with sanctioned countries. That is the point of a sanction, and US is in good company in choosing to use sanctions as a diplomatic tool.
It is more of an example of how the internet/software industry is too consolidated to the US, and thus other countries are too dependent on the US in those areas. If the internet infrastructure was well distributed, then people in sanctioned countries could simply get certificates issued by a different CA, and in some cases they can. However, this is complicated by the fact that the list of trusted CAs is dominated by US organizations (Google, Mozilla, Apple, Microsoft). If you want to reach a western audience you must use certs from a CA approved by them.
kube-system 4 hours ago [-]
The only countries that do not have sanctions are the ones who lack the economic leverage to do so. All developed countries have them.
ezbie 10 hours ago [-]
Exactly. Ever since I was a kid I never understood how the US has jurisdiction way beyond their borders.
Then I graduated in International Relations and understood that the hole is much deeper than that.
Now it's pretty obvious with all the shit that trump has been doing, but back then me and much of the people I know were oblivious to what US power really means.
zajio1am 5 hours ago [-]
This is not specific to US law ...
xorcist 1 hours ago [-]
To be fair the US is a bit on an outlier here, as it is not afraid to come down on US companies for things subsidiaries do in other jurisdictions, on questionable grounds. So it would not be enough for Let's Encrypt to operate a European operation to sign European certificates.
Should the US wish to sanction the Hague, somewhat famous for its international court of justice, they would absolutely go after ISRG and it would not be enough for them to sever the ties of the hypothetical Let's Encrypt Europe. That would not be legal, or at least highly questionable, in most other democratic countries.
rwmj 3 hours ago [-]
US law is something US citizens get to decide. If they think it's "batshit", they should vote accordingly. In this case sanctions seem a pretty good alternative to going to war.
account42 9 hours ago [-]
It is however a reminder that "just use LE" is not a valid response to concerns about protocols/APIs/browsers/etc requiring TLS.
floper_a 14 hours ago [-]
That's just another reminder that no one from outside of US should deal with US companies.
bigfishrunning 6 hours ago [-]
Of course not! just find viable alternatives to Microsoft, Apple, Mozilla, YCombinator, Google, Intel, AMD, ...
In all seriousness, as an American I'd love to see a healthier, more well-distributed tech industry, but I don't see many companies stepping up to provide competing services. It's my understanding that china has alternatives to many of these products/services, but I really don't see how anyone in Europe could possibly use a US-free internet.
Galanwe 6 hours ago [-]
> but I don't see many companies stepping up to provide competing services
Maybe because the US dropped most of its anti trust regulations, leading to ridiculously monopolistic practices such as "acquire everything that may be threatening".
bigfishrunning 5 hours ago [-]
When was the last time you heard about a European cellphone manufacturer, or social media network, or web browser being acquired by an American monopoly?
I can only think of Nokia, purchased by microsoft in 2014. Those phones ran windows CE before that even, so you could hardly have avoided the american tech industry.
All I'm trying to say is, it's impossible for Europeans to both A) be on the internet and B) avoid the US tech industry.
I am not well versed in how their systemwide certificate issuance works: If they have to add this to their terms to comply with their government, could the same government use pressure to leverage let’s encrypt to do harm.
42droids 20 hours ago [-]
Has anyone got any experience with Zero SSL? https://zerossl.com/
It seems like a good EU alternative.
47282847 19 hours ago [-]
EU? There’s almost zero information on the company, no privacy policy? The only place I found any mention is the footer, “HID Global Corporation, part of ASSA ABLOY”. Assa Abloy seems Swedish but HID Global is a US company as far as a quick search goes. But without a proper company info page and privacy policy I wouldn’t consider it anywhere near a “good alternative” regardless.
ZeroSSL 10 hours ago [-]
Jumping in here since we’ve been seeing more mentions of ZeroSSL lately, likely related to the recent CA/B Forum discussions around 1‑year certificates and ACME automation.
- We’re based in Austria (ZeroSSL GmbH). The company was acquired by HID in 2024, which is part of Assa Abloy (Sweden).
- We’re not positioning ourselves as a purely EU-based CA substitute, and we generally don’t market it that way.
- For DV certs specifically, we act as a distributor. Under the hood these are Sectigo-issued certificates, similar to how other providers (for example Namecheap) operate.
Happy to clarify further if useful.
kruffalon 8 hours ago [-]
> - We’re not positioning ourselves as a purely EU-based CA substitute, and we generally don’t market it that way.
OK, but in the context of this topic thr interesting part isn't your marketing but your jurisdiction.
Could you clarify which jurisdiction you operate under and a link on the ZeroSSL website that corroborates that?
Thank you <3
hoistbypetard 6 hours ago [-]
Sectigo used to be Comodo's CA business. If memory serves, that business was purchased by a US PE firm and renamed "Sectigo". Sectigo Inc.'s corporate headquarters is now in Scottsdale, AZ.
There's no reason to believe they're any less subject to US jurisdiction than LetsEncrypt.
idoubtit 6 hours ago [-]
There were reasons to believe they were less subject to US jurisdiction: their Subscriber Agreement is for "Sectigo Limited, a limited company formed under the laws of England and Wales".
See https://www.sectigo.com/uploads/backgrounds/Certificate-Subs...
Sadly, their United Terms and Conditions in section 8.2 are even more restrictive than LE's.
They reject any entity
"located in, incorporated under the laws of, or owned (meaning 50% or greater ownership interest) or otherwise, directly or indirectly, controlled by, or acting on behalf of, a person located in, residing in, or organized under the laws of any country sanctioned under the laws of the U.S. or E.U."
See https://www.sectigo.com/uploads/backgrounds/United-Terms-and...
From a layman point of view, it could even mean that the ICC and the UN are prohibited from using Sectigo.
The Customer must have no "affiliates, officers, directors, or employees" that are on sanction lists, and the US have sanctioned some high-profile members of the UN and the ICC that spoke about the genocide in Gaza.
redrblackr 7 hours ago [-]
Any plans on becoming an independent CA? Would certificates issued in your name also risk being affected by US sanctions through Sectigo?
orochimaaru 7 hours ago [-]
If they do business in the US they will be expected to comply with US law - this includes their stock being traded on US stock exchanges.
If they don’t have any business in the US and any financial ties to the US they won’t be subject to the sanctions. But I believe it will create issues if they want to enter the US market.
slau 19 hours ago [-]
HID was originally American and Scottish, but became fully American in 1994.
HID was acquired by Assa Abloy in 2000. No idea whether that means we now consider it Swedish.
ZeroSSL used to be Austrian until their acquisition in 2024.
I used to work for a company that got acquired by HID. It looks like HID has retained their original offices in some form.
nomadwastaken 17 hours ago [-]
The privacy policy is under legal in the footer, exactly where I'd expect it to be honest. It also gives the company registration:
> 1.1. We, ZeroSSL GmbH, FN 443956b (the “Company“)
and below that the company address (registered in Austria).
Don't get me wrong, I agree that there is some lack of "who actually runs/controls this", especially on the about page where I expect such things to be.
At the very least it's not as transparent as I'd wish from a CA. E.g their Certificate Agreement is from Sectigo, so are they involved? No mention anywhere else from what I can see.
47282847 12 hours ago [-]
I don’t see “legal” in the footer on mobile. Or any other link. Or a link to an About page in the main nav. There’s nothing.
nomadwastaken 4 hours ago [-]
Very interesting! Yea I was on desktop, that's a really bad oversight to hide all of that on mobile...
matharmin 6 hours ago [-]
I use them in some cases to avoid the rate limits on LetsEncrypt, and they have better support for some older platforms (like ancient Android versions), and I'm pretty happy so far. I have a paid account to support them, but it's not a requirement for ACME certs. It works without issue with Kubernetes Certbot, and seamless to switch between ZeroSSL and LetsEncrypt.
I can't comment on the EU part though - not that relevant in my case.
linsomniac 7 hours ago [-]
There was some subtle issue with ZeroSSL's implementation of ACME that I ran into with, IIRC, lego and domain certs and there was a ~5 year old lego open issue about it. That was a couple years ago, might be fixed, but my understanding at the time was that it was an issue with Zero's ACME implementation, so there may be dragons.
slau 19 hours ago [-]
3 90-day ACME certs for free. 180€/year for unlimited 90-day certs and 5 yearly ones.
That’s a pretty steep increase. I would almost be more interested in a monthly fee per cert.
nomadwastaken 17 hours ago [-]
From their docs[0] this doesn't seem to apply if using ACME, but they don't exactly make that clear...
> By using ZeroSSL's ACME feature, you will be able to generate an unlimited amount of 90-day SSL certificates at no charge, also supporting multi-domain certificates and wildcards. Each certificate you create will be stored in your ZeroSSL account.
Yeah, they don't make it that clear, but you get basically the same functionality as with LetsEncrypt for free, including wildcard certs. You basically only need to pay for manually issued certs, or some of their other additional features.
nickf 17 hours ago [-]
ZeroSSL aren't an EU-based alternative, unfortunately.
patrakov 11 hours ago [-]
It's Sectigo under the hood.
DoctorOetker 18 hours ago [-]
> active eavesdropping (e.g., monster-in-the-middle attacks)
is this standard MitM, or is it some crucially distinct variation?
thephyber 18 hours ago [-]
Man in the Middle Wiki:
> Also known as a monster-in-the-middle,[1][2] machine-in-the-middle,[3] meddler-in-the-middle,[4] manipulator-in-the-middle,[5][6] person-in-the-middle[7] (PITM), or adversary-in-the-middle[8] (AITM) attack.
walletdrainer 18 hours ago [-]
Those sources feel more than slightly contrived.
walletdrainer 18 hours ago [-]
[flagged]
mmahd7456 7 hours ago [-]
"concepts like "man" and "woman" are deeply sexist and offensive in their culture".
Only to people who have a need to be offended.
walletdrainer 5 hours ago [-]
Being offended is a core part of the American identity.
cassianoleal 17 hours ago [-]
I kinda like this framing. It effectively classifies companies such as Zscaler and CloudFlare as monsters.
walletdrainer 15 hours ago [-]
It's particularly funny because "monster-in-the-middle" appears to be a deliberately quirky marketing term invented by cloudflare.
wofo 7 hours ago [-]
Fun fact: some older articles were originally written using the term man-in-the-middle, but at some point were updated... except that the diagrams still use man-in-the-middle because search-and-replace doesn't work on images.
joemi 5 hours ago [-]
Is Let's Encrypt the only provider of SSL certificates?
Genuine question! Because I assumed there were other places you could get a SSL certificate, but people in this thread seem to be implying that without Let's Encrypt, there's no way for people in those sanctioned territories to get a cert.
hinata08 5 hours ago [-]
If it was a genuine question, the genuine answer is it's the provider that democratised streamlined ACME certificate verification and made it free
No account, no payment, a single bash command or a certbot that runs regularly, and you have your own globally recognised certificate
Historically, providers used to create the most friction so that they could justify absolutely crazy fees for signing any certificates. It doesn't go down well in DevOps, it doesn't work with indies who don't have 3 to 4 digit figures to blow on HTTPS, everyone including organisations ended up making certificate authorities of their own to sign stuff... and let's encrypt was successful at making certificates easy, free and actually secure
Fnoord 5 hours ago [-]
> Is Let's Encrypt the only provider of SSL certificates?
No.
nicce 5 hours ago [-]
There are some options. actalis.com is a European alternative, but its free tier is a bit less than Let's Encrypt's.
herbst 5 hours ago [-]
If nothing has changed it's still the only one that's free and instant. Back in the day you had to pay $10/y and install manually
Weird. The copy I read says they have just deleted that section of their user agreement.
Panzerschrek 18 hours ago [-]
Does it mean that Russian/Iranian websites using letsencrypt stop working and need to change their certificate provider?
altairprime 17 hours ago [-]
Depends on whether LE is compelled to terminate service to BGP AS numbers hosted in U.S.-sanctioned countries, and whether LE continues operating out of the U.S.
account42 9 hours ago [-]
Depending on how you are supposed to read "You agree to use Let’s Encrypt Certificates and any services provided by or on behalf of ISRG in compliance with applicable U.S. export control and sanctions laws and regulations." it could mean that you are not even allowed to use an LE certificate to provide services to sanctioned entities as a random non-US company/person.
They already revoked certificates for some Russian sites
pratyahava 5 hours ago [-]
any details on that? links to people reporting it?
ComputerGuru 7 hours ago [-]
This is bullshit on par with the Chinese firewall, meant to effectively prevent the (entire!) western world from information by parties deemed persona non-grata. SSL certificates are supposed to be about security, not geopolitics.
I'm pretty sure a LE server hitting an Iranian or North Korean endpoint and validating a crypto challenge does not break any OFAC or EAR rules, and no money changes hands. And if a non-US entity wants to do it, the US would just sanction them. Microsoft and Mozilla are certainly not going to include a North Korean or Russian state CA in the root trusted certs (and if they did, the US government could just threaten them with sanctions, too).
Hard not to say "we warned you" about making self-signed certs completely unusable in favor of a very centralized approach.
nikolay 6 hours ago [-]
Yeah, let everybody build and use their own services, and then the US will end up having less control and visibility. Great tactics!
ale42 3 hours ago [-]
Time for a non-US equivalent of Let's Encrypt?
pxeger1 17 hours ago [-]
How are they going to enforce this?
nickf 13 hours ago [-]
I would imagine, as a CA that issues only DV certs, they'd disallow issuance to various ccTLDs, and perhaps stop newAccount registrations with email addresses at those ccTLDs. That's about as much as they could do - IP-blocking by region is ineffective and crude at best.
greatgib 7 hours ago [-]
To be put in perspective with their push for very short-lived certificates, like 7 days, with the argument that anyone can easily get a certificate at any time.
But in fact, little by little you have all the stacks needed to be able to isolate some entities from the Internet at the US's request in a very short time
mollydzy 3 hours ago [-]
otkroite sait brusha pj
markhahn 3 hours ago [-]
huh?
the linked document shows that bullet item as deleted.
mollydzy 3 hours ago [-]
vklyuchi sait brusha shlyuha
mollydzy 3 hours ago [-]
123
mollydzy 3 hours ago [-]
ale
diimdeep 14 hours ago [-]
the reach is by rough estimates ~2.5–6 million websites globally, 2–5 million of those in Russia and 0.3-1 million in Iran
Whatever USofA, it's not hard to have their own cosmodrome and certificates.
Tangential, in 2026 website certificates feel like nothing, disposable automation artifact, toxic max-security[1], vehicle for those who rent seek, fingerprint.
And now imagine that one of the Trump tantrums contains an announcement of sanctions against the European Union.
marcosdumay 2 hours ago [-]
He already announced sanctions against Spain. And took them back when Germany announced that sanctions against one EU country meant sanctions against them all.
jalospinoso 8 hours ago [-]
The uninteresting version of this is “US entity follows US law.”
The interesting version is that Web PKI is not just cryptographic infrastructure. It is also a policy distribution system. A browser trust store, a CA, a subscriber agreement, revocation rules, export controls, and sanctions law all end up in the request path of "can this site speak HTTPS to normal users?"
That does not make Let’s Encrypt uniquely bad. Any CA has some jurisdiction, owners, contracts, root-program obligations, abuse process, and legal exposure. Moving the CA changes the governance surface; it does not remove governance.
But it does mean "just use Let’s Encrypt" is not a neutral answer when protocols, browsers, APIs, app stores, or regulators effectively require TLS. The operational dependency is not only ACME uptime and certificate issuance. It is also jurisdictional continuity.
The hard product question is what failure mode we want:
1. Web PKI: power concentrates in CAs, browsers, and root programs.
2. DANE/DNSSEC: power shifts toward DNS operators, registries, registrars, and governments.
3. Self-signed / TOFU / pinning: power shifts toward application-specific trust and worse UX.
4. Multiple CAs: better resilience, but still bounded by browser trust stores and legal chokepoints.
There is no apolitical trust system here. There are only different control planes with different failure modes.
The practical ask from Let’s Encrypt should be clarity: issuance vs renewal vs revocation, existing certs vs future certs, domain location vs subscriber location, hosting location vs user location, and how they interpret “use” of a certificate. Without that, operators are left guessing whether this is a narrow compliance clause or a broad infrastructure-risk event.
snowflaxxx 5 hours ago [-]
[flagged]
misano 4 hours ago [-]
[dead]
psy0p 7 hours ago [-]
[dead]
ezbie 10 hours ago [-]
What in the actual fuck?
OutOfHere 6 hours ago [-]
I had the parent organization of LetsEncrypt (Internet Security Research Group) in my Will, but after reading this, I will remove it immediately. US sanctions harm too many innocent people.
cynicalsecurity 8 hours ago [-]
This actually makes sense. No freedom for the enemies of freedom.
hinata08 7 hours ago [-]
the list of people under US sanctions is staggering
Europe starts to shield itself from the risk since Nicolas Guillou, the French ICC judge who issued a warrant against bibi, got sanctioned (France officially protested about this case)
China is being successful at blocking US firms out of their supply chains (they already use Linux on Loongarch processors with some homemade architecture and pioneer RISC V), since a bunch of their companies also got sanctions for supplying the government
US stands so much for freedom that it's the first country to refuse immigration to FIFA world cup teams and athletes, with Iranians not allowed to stay between games and a Somali goalkeeper being turned away at the border. Germany itself didn't do that for the 1936 Olympics.
So at best, they're only shooting themselves in the foot by showing any US component in a supply chain is a risk, while using US clouds was already a risk of loss of revenue from FISA requests to undercut your bid and rot your company, and using US dollars for trade was already a liability
In the meantime, US companies can do anything, break any financial law and abuse every human right, they'll just sign DPAs to avoid prosecution
mswphd 8 hours ago [-]
love thought-terminating cliches. really helps keep from actually thinking ever.
cynicalsecurity 7 hours ago [-]
Your comment reads like a thought-terminating cliché. If Russia occupied your city, killed your family and friends and left you homeless, you might reconsider giving freedom to those who take it away from others. Unfortunately, sanctions are often very easy to evade.
Shish2k 7 hours ago [-]
This is a reasonable point, if "enemies of freedom" and "enemies of America" are synonymous...
contagiousflow 7 hours ago [-]
Now imagine the USA did that to the city you live in...
hinata08 7 hours ago [-]
it can't happen, they only attack civilians in countries that have weapons of mass destruction or have an evil economic system of socialized healthcare and labor market
They also don't like states that threaten business by turning workers into a commodity that you have to compensate each month; Spain sunk the Maine; and they had manifest destiny given from God to get rid of natives
queenkjuul 6 hours ago [-]
Ah right, that's why there's US sanctions on Israel?
greyface- 7 hours ago [-]
[dead]
CrzyLngPwd 8 hours ago [-]
But what if you're the baddies?
bigfishrunning 6 hours ago [-]
Then try not to be completely dependent on the products of a company that is under the control of your enemy.
cindyllm 6 hours ago [-]
[dead]
Towaway69 18 hours ago [-]
Sanctioned has a double meaning here[1]:
> 2. officially or formally ratified or confirmed.
> 3. penalized, especially by way of discipline or to force compliance with legal obligations.
So who can use lets encrypt? Those that are penalised or those that are confirmed.
> You are not a person or entity that is: (a) located in, organized under the laws of, or ordinarily resident in any country or territory that is the target of comprehensive U.S. sanctions;
> (b) a prohibited or restricted party under U.S. or other applicable sanctions and export control laws and regulations;
> or (c) owned or controlled by or acting on behalf of anyone described in (a) or (b). You agree to use Let’s Encrypt Certificates and any services provided by or on behalf of ISRG in compliance with applicable U.S. export control and sanctions laws and regulations.
gossamer 5 hours ago [-]
It took me a minute to understand the original post because the verb sanction means both itself and basically the opposite of itself. It would be better to say "any territory that the US has levied sanctions against". I thought LetsEncrypt had banned its usage in the US! The word for words like sanction is contronym.
If complying with the law gets in the way of the mission I’m not sure that counts as a change to the mission.
http://www.cypherspace.org/adam/uk-shirt.html
A t-shirt with a Perl script that implemented RSA encryption strong enough to be technically illegal to export from the US.
(I must sadly admit to being too cowardly/sensible to have taken that shirt to the US in the late 90s...)
This is most likely OFAC. Lets Encrypt could apply for a license to do business with sanctioned entities, and given their use case it would most likely be approved.
https://ofac.treasury.gov/ofac-license-application-page
[0]: https://en.wikipedia.org/wiki/Wickard_v._Filburn
They might be compelled to issue a certificate to an unauthorized (by browser PKI policies, not local law) entity, but that would be very conspicuous due to Certificate Transparency.
Anonymity and encrypted communication are two very, very different things. Have one but not the other and you're essentially handing off your private data, incl. passwords: whoever has a tap on the communication between you and the server can fetch them, too. Have the other but not the one and everyone will know who you are, but they can't eavesdrop.
Because they're betraying their own goals, as stated in their About page: “It is a service run for the public’s benefit. [...] Anyone who owns a domain name can use Let’s Encrypt to obtain a trusted certificate at zero cost. [...] Let’s Encrypt is a joint effort to benefit the community, beyond the control of any one organization.” Now they own they are under the control of a political organization.
Here is the paragraph Let's Encrypt added to their Subscription Agreement on 2026-06-04:
> You are not a person or entity that is:
> (a) located in, organized under the laws of, or ordinarily resident in any country or territory that is the target of comprehensive U.S. sanctions;
> (b) a prohibited or restricted party under U.S. or other applicable sanctions and export control laws and regulations;
> or (c) owned or controlled by or acting on behalf of anyone described in (a) or (b).
> You agree to use Let’s Encrypt Certificates and any services provided by or on behalf of ISRG in compliance with applicable U.S. export control and sanctions laws and regulations.
> "Across 2018-2019, the RISC-V community has reflected on the geo-political landscape and we have heard concerns from around the world that investment in RISC-V must come with IP access continuity to ensure a long-term strategic investment. We first mentioned our intentions to move at the December 2018 summit. Incorporation in Switzerland has the effect of calming concerns of political disruption to the open collaboration model. RISC-V International does not maintain any commercial interest in products or services as a non-profit, membership organization. There have not been any export restrictions on RISC-V in the US and we have complied with all US laws. The move does not circumvent any existing restrictions, but rather alleviates uncertainty going forward.
> In March 2020, the RISC-V International Association was incorporated in Switzerland. Along with this, we shifted to a new, more inclusive membership structure. Members of RISC-V International have access to and participate in the development of the RISC-V ISA specification and extensions as well as related hardware and software. RISC-V has a Board of Directors composed of member representatives as well as a Technical Committee of work group leaders."
> RISC-V International has not incorporated in Switzerland based on any one country, company, government, or event. This move is reflective of community concern and managing strategic risk for our community investing in RISC-V for the next 50+ years.
> The IP contributed and produced by RISC-V International is held under industry and global standard licenses that are already open to leverage by any company regardless of jurisdiction. This licensing is a common open source approach to foster collaboration that is not tied to any geographic regulation. IP in the public domain has not been subject to export control.
https://riscv.org/about/
Or rather, when other countries say "sanctions", they are almost always talking about something completely different than the United States.
It’s a bit like the US arresting your mom at home in Texas because you ate a baggie of magic truffles in Amsterdam.
The US has not "sanctioned" LetsEncrypt or ISRG. The US sanctions foreign entities as punishment for various reasons precisely because they are not subject to US law. That's the entire point of leveraging a sanction -- to pressure those outside of your legal jurisdiction. If they were in your jurisdiction, you'd simply arrest them.
People and organizations basically anywhere are not permitted to do business with anyone your country has sanctioned. Anyone who does business internationally should be aware of their country's sanctions list. That applies no matter where you live on the planet.
This is literally about a company that has a branch in the USA and another branch in another country, where it's bound by that country's laws. If the foreign entity which just so happens to be commercially linked to the one in the USA has any dealings with countries sanctioned by the US, the US branch is punished.
There was a case a few years ago where a public University in Brazil bought lab computers from Dell Brasil. Dell Brasil is a subsidiary of Dell, but it's 100% incorporated in Brazil, the computers were manufactured in Brazil, everything following Brazilian law. The computers were delivered with terms of service that prohibited them from being used for any dealings with US-sanctioned countries such as Iran and Cuba. The University was caught by surprise and questioned it, since they had many academic links with Cuban Universities, and Dell Brasil explained that.
I don't know how the whole ordeal ended. The Brazilian Federal Government got involved, I believe the Ministry of Exterior and the Ministry of Commerce and Industry both got involved and were at one point going to sue Dell Brasil. I suspect it ended with the University returning the computers and purchasing from another supplier.
The suggestion that Let's Encrypt could work around US sanctions by opening a branch in the EU falls under similar conditions, and the US branch would be liable if the EU subsidiary had dealings with US-sanctioned countries.
We're not talking about legal obligations in its home country though. I can buy Jack Daniels at age 19 in my country from their local subsidiary, and no-one thinks that this should be a crime for their US parent company because the US drinking age is higher. (Of course it would be a crime for either the parent or the subsidiary to sell to 19 year olds in the US)
(No-one is blaming Dell or Let's Encrypt here, to be clear, it's the US' excessive extraterritorial laws that are the problem)
> I can buy Jack Daniels at age 19 in my country from their local subsidiary, and no-one thinks that this should be a crime for their US parent company because the US drinking age is higher.
Because there is no US law that says you cannot sell alcohol to people abroad under 19. Heck, there's no US federal law that says Jack Daniels can't sell to people in the US under 19, either. And in fact, there are some places in the US where you can legally drink at 18, e.g. Puerto Rico. But if the US congress wanted to pass one of these laws and enforce it, it could.
But the US isn't really unique in applying their laws extraterritorially. See GDPR, Universal jurisdiction laws, China's National Security Law, etc... Every jurisdiction with sizable power does it. Some of these are even more extraterritorial in scope than US sanctions are.
At least in Brazil, companies that operate there must obey local laws. What happens when those laws are in contradiction with US laws, like in the example I cited? Is Brazil supposed to cave? Is Brazil supposed to keep fining Dell Brasil until it folds? Maybe prosecute Dell Brasil's directors for actively and repeatedly disregarding the law and fines?
How does that work on a global scale?
I'll say again, this is not about a US company opening a foreign subsidiary to do things in the US that are forbidden in the US. This is about a company incorporated abroad having to follow US laws while operating wholly abroad. This is a breach of sovereignty however you look at it.
Yes, sometimes this causes compliance complication. This isn't unusual, it happens frequently.
Ultimately, every government exercises the laws of their country as they see fit, using the enforcement tools they have available to them. These rules often extend outside of their borders and apply to foreign or partially-foreign entities depending on the situation. The only limits on this are the practical means of enforcing it.
Dell Brazil would have been subject to Cuba sanctions because it was controlled by the US parent company. The US has obvious jurisdiction over Dell Technologies the parent company, and the nexus to enforce it.
Nothing you are describing is even remotely unique to the US. No country is going to let you set up a foreign subsidiary to launder goods around sanctions law. If they did, everyone would do that and nobody would ever follow sanctions.
e.g. https://www.consilium.europa.eu/en/policies/sanctions-agains...
It is free only if you ignore the cost of getting the thing into orbit in the first place.
Edit: also, AFAIK, normal microchips (without special radiation hardening) don't last that long in space
Let's say someone created a Russian Let's Encrypt. It has all the technical aspects of the regular LE in that you can request a certificate and get one through an ACME challenge. That is all great and all, but no browser will recognize it as valid. No operating system will recognize it as valid. The Russian state might add the new LE as valid for government computers, but the real work would be to get any other participants in the world to do the same. The issue is not a technical one but rather a social one that is built on trust.
When Russia invaded Ukraine there was a major discussion if IANA/ICANN should have disconnected Russia from domain names and IP addresses. That discussion ended on a decision to not do that because the symbolic benefit was deemed minor compared to the harm to the system at large, especially once the war ends. If you got two roots, then a domain name or IP address can now suddenly have two locations, and it would be a massive pain to try to fix it even if people wanted to fix it. Certificate Authorities do not share this trait since there can be an almost unlimited number of roots and none of them can conflict with each other (assuming no hash collision). If Russia spins up a new CA then people can use that one today if they want to, and they can continue to do so after the war has ended.
Russian quasi-government structures are spending quadrillion of rubles on a TSPU (censorship system) to spy on Russian residents, US ...helps them by making snooping on what is currently encrypted traffic possible by banning accessible encryption!
The terms of service update to clarify what we have always done, comply with relevant law, has not changed the situation for either country.
According to https://news.ycombinator.com/item?id=48457280 it affects all people ordinarily resident in those territories, not just their governments:
> You are not a person or entity that is:
> (a) located in, organized under the laws of, or ordinarily resident in any country or territory that is the target of comprehensive U.S. sanctions;
> [other 'or' conditions]
Let's Encrypt can issue certificates for non-government entities in Iran and Russia due to statutory exemptions protecting personal communications, alongside specific Office of Foreign Assets Control (OFAC) authorizations designed to promote Internet freedom and human rights.
We will look into whether we can make things more easily understandable in the subscriber agreement.
"You are not a person or entity that is: (a) located in, organized under the laws of, or ordinarily resident in any country or territory that is the target of comprehensive U.S. sanctions; "
this says nothing (edit: specific) about government (edit: only), and is applicable to normal people in those areas.
Still needs updating if it's supposed to only apply to governments, though.
Digital certificates that sign software packages are used to enforce exclusion by some manufacturers. Let's encrypt is not in that space to my knowledge, but it is a place where you the owner do not have the right to determine which certificate authority should be trusted, and generally the only one that is trusted is the manufacturer. It's arguable if we even should be calling such entities a certificate authority, even if they technically are the owner of the root certificate that signs the package.
Russian government issued their new root certificate years ago.
Nobody trusted it enough to request a certificate from them or install it on their computers. Including almost all of the Russian residents.
If Let's Encrypt enforces the rules, as written in pdf, a lot of people would lose a choice.
Frankly, even publishing a statement like that would make the scales of trust tip for some.
With all the problems with Web PKI, at least the bad actors are getting distrusted, and this provides a very strong enforcement on the rest. And Certificate Transparency makes sure the mis-issuance would be caught. It is not perfect by any means, but things are getting better.
With DANE (or other country-issued certificates), every government will absolutely double-issue certificates to police, secret service and friends of government, and no one will have any recourse. (In the past I'd say that only countries like Russia would do it.. but with today's climate, I am sure both US and many European countries will do that too)
Certificate transparency is nice. Browsers could require it for DANE certificates, just like they require it for current Web PKI certificates.
The people controlling the TLD of interest can exert control over the domain of interest in order to issue a DANE certificate. But they can also exert control over the domain of interest in order to request a domain control certificate, so widespread use of DANE wouldn't add any new adversaries. If DNSSEC wasn't a mess, and DANE replaced WebPKI, we would eliminate the risk from CAs without adding a new risk --- TLDs (and the DNS root) are existing risks.
Let's not create a world wide PKI based on a political ideology.
> country-issued certificates [...] every government will absolutely double-issue certificates
This is such a strange argument. If you register a .ru domain, do you really think you are safe should the Russian intelligence services ask for a valid certificate? Controlling the actual domain, they could issue as many domain validated certificates as they wish.
The problem with our current SSL PKI, as so very many people have pointed out over the years, is that any CA is allowed to issue valid certificates for any domain name. There have been proposals to use X.509 extensions to remedy this, but they have seen lesser real world usage than the various certificate revocation schemes, which is very close to zero already.
If there was no way for a Russian CA to issue certificates for .us domains, real world security would improve. A lot. And the other way around, of course.
Feel free to s/Russian/Chinese/ in the above argument or whatever tickles your geopolitical fancies. The argument still stands.
Domain registries decide who owns what domain. That is their literal role. You would think that asserting this ownership cryptographically would be a no-brainer in 2026. Yet we have this discussion over and over again. There are many people whose income quite literally depends on the status quo of our global SSL PKI, which coincidentally also offers no end of possibilities for the various intelligence services around the world.
The next time someone tries to scare you with the idea that governments or intelligence services control DNS and therefore it would be crazy to limit issuance of certificates to them, take a look where they have contracts.
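The X.509 extension the comment above alludes to is Name Constraints (RFC 5280 section 4.2.1.10): a CA certificate can carry permitted and excluded dNSName subtrees, and a path validator rejects any leaf whose SAN names fall outside them. The following is an added illustration written for this thread, not code from the commenter, Let's Encrypt or any CA: it implements the dNSName matching rule ("adding zero or more labels on the left satisfies the constraint") and evaluates a leaf certificate's SAN list against a CA's constraints. The CA names and domains are constructed for the example, and the optional leading-dot constraint form and the wildcard handling are assumptions modelled on common implementations rather than something the page states.

```python
"""Evaluate X.509 Name Constraints (dNSName only) against a leaf certificate's SANs.

Added example: shows how a CA limited to one TLD could not issue for another,
which is the remedy the comment above says has seen almost no real-world use.
"""

def dns_name_matches(name: str, constraint: str) -> bool:
    """RFC 5280 dNSName subtree test: `name` equals `constraint` or is a
    sub-domain of it (labels added on the left, at a label boundary).

    Assumption: a leading '.' on a constraint is tolerated (as many
    implementations do), and a wildcard leaf name is judged by its parent
    domain, since '*' can only ever stand for labels on the left."""
    name = name.lower().rstrip(".")
    constraint = constraint.lower().lstrip(".").rstrip(".")
    if name.startswith("*."):
        name = name[2:]
    if constraint == "":
        # An empty constraint is the whole DNS tree.
        return True
    return name == constraint or name.endswith("." + constraint)


def is_name_permitted(name: str, permitted: list[str], excluded: list[str]) -> bool:
    """Excluded subtrees win; if any permitted subtrees exist the name must
    fall inside at least one of them; no constraints at all means unrestricted
    (the status quo the thread is discussing)."""
    if any(dns_name_matches(name, c) for c in excluded):
        return False
    if permitted and not any(dns_name_matches(name, c) for c in permitted):
        return False
    return True


def check_certificate_names(san_names: list[str], permitted: list[str],
                            excluded: list[str]) -> list[str]:
    """Return the SAN dNSNames that the issuing CA's constraints forbid.
    An empty list means path validation would accept the leaf on this point."""
    return [n for n in san_names if not is_name_permitted(n, permitted, excluded)]


# Constructed CA policies for the example (not real CAs):
CONSTRAINED_RU_CA = {"permitted": ["ru"], "excluded": []}   # may only issue under .ru
UNCONSTRAINED_CA = {"permitted": [], "excluded": []}        # today's typical public CA

if __name__ == "__main__":
    leaf = ["www.example.us", "api.example.ru"]  # constructed leaf SANs
    print("constrained CA rejects:", check_certificate_names(leaf, **CONSTRAINED_RU_CA))
    print("unconstrained CA rejects:", check_certificate_names(leaf, **UNCONSTRAINED_CA))
```

Note that the constraint applies to the chain, not the request: a browser enforcing it would refuse the leaf even if the constrained CA's operator were compelled to sign it, which is the property the comment wants and which an unconstrained root cannot provide.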
Countries already have CA that issue certificates with more legal force than a handwritten signature. I can open a bank account, pay my taxes and sign up to all government services. But I can't use them for a webpage.
> With DANE (or other country-issued certificates)
DANE isn't a country-issued certificate. It's a scheme where you store your public keys on DNS records. Of course, now we have the issue that DNSSEC (signed DNS records) isn't widespread and the whole issue with DNS registries.
This would be pretty terrible if anyone actually cared about DNSSEC, but luckily for us, no one cares.. So let's keep things this way.
There’s no essential difference between the two from my perspective. Why are these my only choices?
An international body might work, or just move the issue one step back.
Or so they say. How's that been working out in practice?
I guess one doing well enough can be oblivious to all this...
And things have only gotten better since - we now have CT logs, and browsers require them, so any mis-issuance can be detected automatically, by any interested third party.
If we go to DANE, we lose this all. "Oops, our CT uploader process failed, we will fix Real Soon(tm) we promise" - and what are browsers going to do? Distrust the entire country?
[0] https://blog.mozilla.org/security/2011/09/02/diginotar-remov...
I didn’t realize they slapped their face on the pavement right after being acquired.
[1] https://en.wikipedia.org/wiki/DigiNotar
In the Dutch hacker scene, Diginotar was a meme. Everyone knew it was a mess there.
Note that phones already try to prevent you from using a certificate that you provide yourself.
Maybe we should have solved the ISP snooping problem by making that illegal instead.
If it were as cheap and efficient as TLS these days, yes, absolutely
> Maybe we should have solved the ISP snooping problem by making that illegal instead.
We could do both! ISP snooping is still a problem for metadata (SNI).
If you want encryption without trust, just use self-signed certs.
I suspect I may have a different notion of trust than you
> Most people using a browser don't even know any person from such an organization nor would or should they have any rational reason to trust them.
Back up one step further -- most people using a browser don't understand the problem set we're talking about even exists
I think the "digital tyranny" is a side effect, not the main goal. They're "mainly a means" to prevent certain kinds of MITM attacks.
Front matter:
2.1 "Term":
3.1 "Warranties":
Let's Encrypt becomes subject to US export restrictions on cryptography if they are a US company, or if they post anything to github or post anything to major app stores. Every app I have ever posted to Google Play has had to submit a form to the US government declaring what use they make of cryptography.
These restrictions have been in force since the late 1950s (with a long and complicated history with respect to computer cryptography). This particular text looks like a boilerplate restriction, that's required to comply with US EAR export requirements to me.
When I read it, I interpreted it as "let's encrypt bans certificate usage in - any territories endorsed by the US". Took me reading a couple comments to understand it actually meant "territories under US sanctions".
What's gonna happen if I were to begin or continue using one letsencrypt certificate from ... Greenland? Cuba? The EU?
Has letsencrypt been served with a subpoena?
While it's certainly possible that ISRG has been served a subpoena because it appears the US DOJ is now a mix of hacks and incompetent buffoons, it wouldn't matter because the whole point is that they don't know anything - what you told them is literally logged publicly for everybody to see without even knowing how to spell "subpoena" let alone issue one.
Some people have this insane idea that somehow the CA has some secret which either they minted and sent to the CA, or the CA minted and gave them a copy and so the US government could get this secret with a subpoena - but the whole fucking point of a Public Key Infrastructure is that we're using Public Key Encryption, if we were OK with everybody having secrets all over the place this entire thing wouldn't be needed.
LetsEncrypt certainly doesn't, but I've seen certificate storefronts that generate the key on their side and provide you the key and the certificate, so you don't have to figure out how to generate a key.
Looking at LavaBit^1 I really would not be so comfortable. The world and especially the US has not gotten more free since then.
[1]https://en.wikipedia.org/wiki/Lavabit
So to be effective this means a hypothetical bad actor (maybe the US government or anybody else) issues bogus certificates, then either logs them - making a permanent record for everybody to see, or also subverts two or more logs, so that they issue bogus proofs.
This is a very expensive one shot attack on whatever the target would be, I guess it's not stupider than "Let's bomb Iran for no good reason" but it's up there.
I would like to think at least all the high profile destinations have someone watching.
The only one who can check for maliciously published certs is the entity authorized to request them. I think most companies are happy when they manage to have valid, not expired certs and do not care too much about making sure there are not too many of them.
You are right that if the state started issuing malicious certs en masse, that would be found out quickly. But I think very targeted, selective operations against entities where they know the entity is unlikely to surveil for unauthorized certs are very much possible.
I'm not arguing for going into conspiratorial thinking and claiming CAs are all compromised and issuing malicious certs all the time. But I do think that it is feasible for states to use CAs under their direct or indirect control to run targeted attacks. I think that is a plausible, serious risk that we do not care enough about and that we should do something about. There is a multitude of precedents, from LavaBit through the wiretapping of jabber.ru^1 and ANOM^2 to Crypto AG^3, that supports this conclusion.
[1]https://notes.valdikss.org.ru/jabber.ru-mitm/ [2]https://en.wikipedia.org/wiki/Operation_Trojan_Shield [3]https://en.wikipedia.org/wiki/Crypto_AG
In these cases it's really obvious if there's anything weird going on. You're correct that we can't know, as a third party why there's something weird. Maybe the server was being replaced and the new server just installed an ACME client and got itself a new cert last Tuesday even though the previous one doesn't expire for weeks. But if there was nothing we don't even need to ask anybody what's up - nothing is.
IMNSHO The statistics don't really work for targeted attacks. The odds you'll get away with it are unknowable and you only have to get unlucky once.
There are red flags you can look for, but you need to confirm with the domain owner to be sure. CAA records can tell you what CAs are supposed to issue a certificate. Many companies always use the same CA, so a change to a different one could be suspect.
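The two red flags raised above, a cert logged for your name by a CA that your CAA records don't authorize, and a switch away from the CA you always use, can be checked mechanically. Below is an added example (not code from the thread or from any CA) that evaluates CAA the way RFC 8659 describes, finding the relevant RRset by walking up the tree and applying issue/issuewild, and then screens a handful of CT-style entries against it. The zone data and the CT entries are constructed inline; real monitors would pull entries from crt.sh or a log's get-entries API, follow CNAMEs, and honour CAA parameters, none of which this toy does.

```python
"""Screening certificate issuance against CAA: an added example, not code
from the thread. The DNS data and the CT-style entries are constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class CAA:
    flags: int   # RFC 8659 "issuer critical" flag byte; not evaluated here
    tag: str     # "issue", "issuewild" or "iodef"
    value: str   # CA identifying domain plus optional ";param=value", or ";" alone


# Constructed zone: name -> CAA RRset published at that name.
ZONE = {
    "example.com": [
        CAA(0, "issue", "letsencrypt.org; validationmethods=dns-01"),
        CAA(0, "issuewild", ";"),     # ";" alone: nobody may issue wildcards
        CAA(0, "iodef", "mailto:security@example.com"),
    ],
    "legacy.example.com": [CAA(0, "issue", "sectigo.com")],
}


def relevant_caa(name, zone=ZONE):
    """Relevant RRset per RFC 8659 s3: the CAA RRset at the name itself or,
    failing that, at the closest ancestor that has one. A leading wildcard
    label is dropped first. CNAME/DNAME are not followed in this toy zone."""
    labels = name.lower().rstrip(".").split(".")
    if labels and labels[0] == "*":
        labels = labels[1:]
    while labels:
        rrset = zone.get(".".join(labels))
        if rrset:
            return rrset
        labels = labels[1:]
    return []


def issuer_domain(value):
    """Strip parameters: 'ca.example; k=v' -> 'ca.example'; ';' -> ''."""
    return value.split(";", 1)[0].strip().lower()


def caa_permits(name, issuer, zone=ZONE):
    """Would a CA whose identifying domain is `issuer` be allowed to issue a
    certificate containing `name`? (RFC 8659 s4.2/s4.3, parameters ignored.)"""
    rrset = relevant_caa(name, zone)
    if not rrset:
        return True                      # no CAA anywhere up the tree
    wildcard = name.startswith("*.")
    issue = [r for r in rrset if r.tag == "issue"]
    issuewild = [r for r in rrset if r.tag == "issuewild"]
    # issuewild governs wildcard names only when present; otherwise issue does
    governing = issuewild if (wildcard and issuewild) else issue
    if not governing:
        return True                      # RRset present but no applicable tag
    return any(issuer_domain(r.value) == issuer.lower() for r in governing)


# Constructed CT-style entries: (issuer's CAA identifying domain, SAN list).
CT_ENTRIES = [
    ("letsencrypt.org", ["example.com", "www.example.com"]),
    ("sectigo.com", ["legacy.example.com"]),
    ("letsencrypt.org", ["*.example.com"]),      # wildcard forbidden by issuewild ";"
    ("digicert.com", ["shop.example.com"]),      # CA not listed in issue
    ("sectigo.com", ["*.legacy.example.com"]),   # no issuewild there, so issue governs
]


def screen(entries, zone=ZONE):
    """Return (issuer, name) pairs a CAA-honouring CA should not have issued.
    A hit is a red flag to confirm with the domain owner, not proof of attack:
    the records may have changed since issuance, or the CA may have a bug."""
    return [(issuer, n) for issuer, names in entries for n in names
            if not caa_permits(n, issuer, zone)]


if __name__ == "__main__":
    for issuer, name in screen(CT_ENTRIES):
        print(f"CAA would not permit {issuer} to issue for {name}")
```

Note that a CA checks CAA at issuance time against live DNS, so a monitor re-evaluating old entries against today's records will produce false positives after a CAA change; treat hits as prompts for the "confirm with the domain owner" step, not as verdicts.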
For the wiretapping scenario, domain verified certificates do not protect against that scenario. If the wiretap has full control of your server's network, then it can issue a certificate of its own. No need to compromise a CA.
https://www.france24.com/en/americas/20250820-us-hits-icc-wi...
Perhaps because "US territories" are a thing, perhaps because it's way more newsworthy if LE bans the US, or perhaps I'm just a dummy.
The EU could easily bootstrap a Let's Encrypt competitor if it truly cared about removing dependencies on US based entities.
Cross-signed roots are common. Just takes money and maybe audits, but it's the same audit they'd need to get in the browser root stores anyway.
ZeroSSL from Austria also has a limited free tier. https://zerossl.com/pricing/
I mean really, if you use Let's Encrypt for anything that runs in a production environment, the responsible thing to do is build a fallback to switch to another provider in case LE has a bad day (or hits a brick wall and needs to, say, enforce export restrictions).
Addendum: I created an account just now to see "what's what" and also found the notice, "Activate your free 90 days certificates. At the end of the free year, the services associated with the certificates will expire." which sort of sounds like it's just a 1-year free trial.
LWN has a good writeup on the audit situation as of 2014: https://lwn.net/Articles/590879/
It is more of an example of how the internet/software industry is too consolidated in the US, and thus other countries are too dependent on the US in those areas. If the internet infrastructure were well distributed, then people in sanctioned countries could simply get certificates issued by a different CA, and in some cases they can. However, this is complicated by the fact that the list of trusted CAs is dominated by US organizations (Google, Mozilla, Apple, Microsoft). If you want to reach a Western audience you must use certs from a CA approved by them.
Then I graduated in International Relations and understood that the hole is much deeper than that.
Now it's pretty obvious with all the shit that trump has been doing, but back then me and much of the people I know were oblivious to what US power really means.
Should the US wish to sanction The Hague, somewhat famous for its International Court of Justice, they would absolutely go after ISRG and it would not be enough for them to sever the ties of the hypothetical Let's Encrypt Europe. That would not be legal, or at least highly questionable, in most other democratic countries.
In all seriousness, as an American I'd love to see a healthier, more well-distributed tech industry, but I don't see many companies stepping up to provide competing services. It's my understanding that China has alternatives to many of these products/services, but I really don't see how anyone in Europe could possibly use a US-free internet.
Maybe because the US dropped most of its antitrust regulations, leading to ridiculously monopolistic practices such as "acquire everything that may be threatening".
I can only think of Nokia, purchased by Microsoft in 2014. Those phones ran Windows CE before that even, so you could hardly have avoided the American tech industry.
All I'm trying to say is, it's impossible for Europeans to both A) be on the internet and B) avoid the US tech industry.
This is the main reason letsencrypt is so popular.
But can we still trust them?
I am not well versed in how their system-wide certificate issuance works: if they have to add this to their terms to comply with their government, could the same government use pressure to leverage Let's Encrypt to do harm?
- We’re based in Austria (ZeroSSL GmbH). The company was acquired by HID in 2024, which is part of Assa Abloy (Sweden).
- We’re not positioning ourselves as a purely EU-based CA substitute, and we generally don’t market it that way.
- For DV certs specifically, we act as a distributor. Under the hood these are Sectigo-issued certificates, similar to how other providers (for example Namecheap) operate.
Happy to clarify further if useful.
OK, but in the context of this topic the interesting part isn't your marketing but your jurisdiction.
Could you clarify which jurisdiction you operate under, and a link on the ZeroSSL website that corroborates that?
Thank you <3
There's no reason to believe they're any less subject to US jurisdiction than LetsEncrypt.
Sadly, their United Terms and Conditions in section 8.2 are even more restrictive than LE's. They reject any entity "located in, incorporated under the laws of, or owned (meaning 50% or greater ownership interest) or otherwise, directly or indirectly, controlled by, or acting on behalf of, a person located in, residing in, or organized under the laws of any country sanctioned under the laws of the U.S. or E.U." See https://www.sectigo.com/uploads/backgrounds/United-Terms-and...
From a layman point of view, it could even mean that the ICC and the UN are prohibited from using Sectigo. The Customer must have no "affiliates, officers, directors, or employees" that are on sanction lists, and the US have sanctioned some high-profile members of the UN and the ICC that spoke about the genocide in Gaza.
If they don't have any business in the US or any financial ties to the US they won't be subject to the sanctions. But I believe it will create issues if they want to enter the US market.
HID was acquired by Assa Abloy in 2000. No idea whether that means we now consider it Swedish.
ZeroSSL used to be Austrian until their acquisition in 2024.
I used to work for a company that got acquired by HID. It looks like HID has retained their original offices in some form.
Don't get me wrong, I agree that there is some lack of "who actually runs/controls this", especially on the about page where I expect such things to be.
At the very least it's not as transparent as I'd wish from a CA. E.g their Certificate Agreement is from Sectigo, so are they involved? No mention anywhere else from what I can see.
I can't comment on the EU part though - not that relevant in my case.
That’s a pretty steep increase. I would almost be more interested in a monthly fee per cert.
> By using ZeroSSL's ACME feature, you will be able to generate an unlimited amount of 90-day SSL certificates at no charge, also supporting multi-domain certificates and wildcards. Each certificate you create will be stored in your ZeroSSL account.
[0]: https://zerossl.com/documentation/acme/
is this standard MitM, or is it some crucially distinct variation?
> Also known as a monster-in-the-middle,[1][2] machine-in-the-middle,[3] meddler-in-the-middle,[4] manipulator-in-the-middle,[5][6] person-in-the-middle[7] (PITM), or adversary-in-the-middle[8] (AITM) attack.
Only to people who have a need to be offended.
Genuine question! Because I assumed there were other places you could get a SSL certificate, but people in this thread seem to be implying that without Let's Encrypt, there's no way for people in those sanctioned territories to get a cert.
No account, no payment, a single bash command or a certbot that runs regularly, and you have your own globally recognised certificate.
Historically, providers used to create as much friction as possible so that they could justify absolutely crazy fees for signing any certificates. It doesn't go down well in DevOps, it doesn't work with indies who don't have 3- to 4-digit figures to blow on HTTPS, everyone including organisations ended up making certificate authorities of their own to sign stuff... and Let's Encrypt was successful at making certificates easy, free and actually secure.
No.
I'm pretty sure a LE server hitting an Iranian or North Korean endpoint and validating a crypto challenge does not break any OFAC or EAR rules, and no money changes hands. And if a non-US entity wants to do it, the US would just sanction them. Microsoft and Mozilla are certainly not going to include a North Korean or Russian state CA in the root trusted certs (and if they did, the US government could just threaten them with sanctions, too).
Hard not to say "we warned you" about making self-signed certs completely unusable in favor of a very centralized approach.
But in fact, little by little, you have all the stacks needed to be able to isolate some entities from the internet at the US's request in a very short time.
Whatever USofA, it's not hard to have their own cosmodrome and certificates.
Tangential: in 2026 website certificates feel like nothing, a disposable automation artifact, toxic max-security[1], a vehicle for those who rent-seek, a fingerprint.
[1] https://tom7.org/httpv/httpv.pdf
The interesting version is that Web PKI is not just cryptographic infrastructure. It is also a policy distribution system. A browser trust store, a CA, a subscriber agreement, revocation rules, export controls, and sanctions law all end up in the request path of "can this site speak HTTPS to normal users?"
That does not make Let’s Encrypt uniquely bad. Any CA has some jurisdiction, owners, contracts, root-program obligations, abuse process, and legal exposure. Moving the CA changes the governance surface; it does not remove governance.
But it does mean "just use Let’s Encrypt" is not a neutral answer when protocols, browsers, APIs, app stores, or regulators effectively require TLS. The operational dependency is not only ACME uptime and certificate issuance. It is also jurisdictional continuity.
The hard product question is what failure mode we want:
1. Web PKI: power concentrates in CAs, browsers, and root programs.
2. DANE/DNSSEC: power shifts toward DNS operators, registries, registrars, and governments.
3. Self-signed / TOFU / pinning: power shifts toward application-specific trust and worse UX.
4. Multiple CAs: better resilience, but still bounded by browser trust stores and legal chokepoints.
There is no apolitical trust system here. There are only different control planes with different failure modes.
The practical ask from Let’s Encrypt should be clarity: issuance vs renewal vs revocation, existing certs vs future certs, domain location vs subscriber location, hosting location vs user location, and how they interpret “use” of a certificate. Without that, operators are left guessing whether this is a narrow compliance clause or a broad infrastructure-risk event.
Europe is starting to shield itself from the risk since Nicolas Guillou, the French ICC judge who issued a warrant against Bibi, got sanctioned (France officially protested about this case).
China is being successful at blocking US firms out of their supply chains (they already use Linux on LoongArch processors with some homemade architecture and pioneer RISC-V), since a bunch of their companies also got sanctioned for supplying the government.
The US stands so much for freedom that it's the first country to refuse immigration to FIFA World Cup teams and athletes, with Iranians not allowed to stay between games and a Somali goalkeeper being turned away at the border. Germany itself didn't do that for the 1936 Olympics.
So at best, they're only shooting themselves in the foot by showing any US component in a supply chain is a risk, while using US clouds was already a risk of loss of revenue from FISA requests used to undercut your bid and rot your company, and using US dollars for trade was already a liability.
In the meantime, US companies can do anything, break any financial law and abuse every human right; they'll just sign DPAs to avoid prosecution.
They also don't like states that threaten business by turning workers into a commodity that you have to compensate each month; Spain sank the Maine; and they had a manifest destiny given from God to get rid of the natives.
> 2. officially or formally ratified or confirmed.
> 3. penalized, especially by way of discipline or to force compliance with legal obligations.
So who can use lets encrypt? Those that are penalised or those that are confirmed.
[1] https://www.dictionary.com/browse/sanctioned
> [You certify to LetsEncrypt that] …
> You are not a person or entity that is: (a) located in, organized under the laws of, or ordinarily resident in any country or territory that is the target of comprehensive U.S. sanctions; (b) a prohibited or restricted party under U.S. or other applicable sanctions and export control laws and regulations; or (c) owned or controlled by or acting on behalf of anyone described in (a) or (b). You agree to use Let’s Encrypt Certificates and any services provided by or on behalf of ISRG in compliance with applicable U.S. export control and sanctions laws and regulations.