So in 2019, you're saying that LE would have been fine with serving 50% of *all*... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

chrisdotcode on July 11, 2023 | parent | context | favorite | on: Shortening the Let's Encrypt chain of trust

So in 2019, you're saying that LE would have been fine with serving 50% of all Android users certificate errors, is that correct?

If so, what would make them suggest such a plan in the first place?

rlaager on July 11, 2023 [–]

Initially, they likely didn’t think they had a choice. The root that had cross-signed them was expiring. (And I wonder if anyone else was willing to cross-sign them.) It turns out that root expirations are handled differently (i.e. ignored) on some platforms, including the relevant old Android.

Consider applying for YC's Spring batch! Applications are open till Feb 11.
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact