regarding ssl certificates
Stephan von Krawczynski
skraw.ml at ithnet.com
Thu Mar 14 16:08:02 EET 2019
On Thu, 14 Mar 2019 09:51:14 -0400
Phil Turmel via dovecot <dovecot at dovecot.org> wrote:
> On 3/14/19 7:40 AM, Stephan von Krawczynski via dovecot wrote:
>
> > Sorry I have to write this, but this is again pointing people in a fake
> > security direction.
>
> You should be sorry, because you are wrong.
>
> > The only valid authority for a certificate is the party using it. Any third
> > party with unknown participants cannot be a "Certificate Authority" in its
> > true sense. This is why you should see "Let's Encrypt" simply as a cheap
> > way to fake security. It is a US entity, which means it _must_ hand out all
> > necessary keys to fake certificates to the US authorities _by law_.
>
> Certificate authorities, including Let's Encrypt, operate on Certificate
> Signing Requests, not Private Keys. Some CAs do offer private key
> generation in their services for the user's convenience, but it is not
> recommended (obviously) and in no way required. Getting a CA to sign a
> CSR in no way exposes keys to that CA, and therefore not to any government.
>
> While there are weaknesses in the CA trust system, they aren't anything
> related to replacing a snakeoil cert with one from Let's Encrypt.
>
> [rest of ignorant rant trimmed]
Some facts for you, as obviously you have not understood what a CA is worth
that is compromised by either hackers or "authorities".
If you want to know more, read articles about closing of CA DigiNotar, like:
https://en.wikipedia.org/wiki/DigiNotar
Then read US export laws concerning security devices.
Then judge your US-issued certs...
> Phil
--
MfG,
Stephan von Krawczynski
------------------------------------------------------
ith Kommunikationstechnik GmbH
Lieferanschrift : Reiterstrasse 24, D-94447 Plattling
Telefon : +49 9931 9188 0
Fax : +49 9931 9188 44
Geschaeftsfuehrer: Stephan von Krawczynski
Registergericht : Deggendorf HRB 1625
------------------------------------------------------
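
The quoted point that a CA signs a Certificate Signing Request and never receives the private key can be checked locally with OpenSSL. This is an added example, not part of the original message; the hostname mail.example.org, the file names and the function names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: what a CSR does and does not contain.
# Hostname, file names and function names are constructed for illustration.
set -eu

make_key_and_csr() {   # $1 = working directory
  # Minimal request config so -new does not depend on a system openssl.cnf.
  printf '[req]\ndistinguished_name=dn\nprompt=no\n[dn]\nCN=mail.example.org\n' \
    > "$1/req.cnf"
  # The private key is generated locally and never leaves the server.
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$1/server.key" 2>/dev/null
  # The CSR is the only file that is submitted to the CA.
  openssl req -new -config "$1/req.cnf" -key "$1/server.key" -out "$1/server.csr"
}

# Public key embedded in the CSR (PEM SubjectPublicKeyInfo).
csr_pubkey() { openssl req -in "$1" -noout -pubkey; }

# Public key derived from the private key, for comparison.
key_pubkey() { openssl pkey -in "$1" -pubout; }

# The CSR is self-signed with the private key (proof of possession);
# verifying that signature needs only the public key inside the CSR.
csr_verifies() { openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'; }

# Succeeds only if the file can be loaded as a private key.
has_private_key() { openssl pkey -in "$1" -noout >/dev/null 2>&1; }

# Demo run in a throwaway directory.
demo_dir=$(mktemp -d)
make_key_and_csr "$demo_dir"
[ "$(csr_pubkey "$demo_dir/server.csr")" = "$(key_pubkey "$demo_dir/server.key")" ] \
  && echo "CSR carries the public half of server.key"
csr_verifies "$demo_dir/server.csr" && echo "CSR self-signature verifies"
if has_private_key "$demo_dir/server.csr"; then
  echo "CSR contains a private key"
else
  echo "CSR contains no private key material"
fi
rm -rf "$demo_dir"
```

The signed certificate returned by the CA binds the same public key to the requested name; what a CA holds is its own signing key, which is the asset at stake in a CA compromise.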