Recommended certificate provider

fizz
Joined: 01/11/2020

Is there such a thing as a "libre" certificate authority or provider? I realize that once I put a browser-recognized certificate on my site, every visit calls back to the certificate issuer, so they know all of my traffic stats, and having a certificate gives the issuer the power to revoke it and kill my site. Torvalds and friends with Let's Encrypt offer one for free, and most GNU/Linux distro sites use the Let's Encrypt certificate, except for RMS's personal site, which uses Comodo. Just curious about anyone's thoughts here as to the best way to deal with purchasing a certificate. I have used a self-signed certificate, but it's not good for public-facing sites, and asking people to import it into their browser is a hassle.

Ark74

Joined: 07/15/2009

Also, there are some mobile phones that will refuse to enter such sites at all.

Not really sure if there is such a thing as a libre-respecting authority; maybe ethical authorities.

I use Let's Encrypt for my projects.

J.B. Nicholson-Owens
Joined: 06/09/2014

name at domain wrote:
> Is there such a thing as a "libre" certificate authority or provider?

What did you mean when you wrote that? Free in what sense?

Software freedom ("logiciel libre" in French) refers to the freedoms users have with
the software they possess. While one hopes certificate signers use exclusively free
software (they deserve to control their computers too), whatever software each signer
uses is their choice to make.

You seem more concerned with other aspects of browsing privacy and control over your
website, but those issues don't have anything to do with free software, and it's not
clear what specific freedoms you're referring to.

fizz
Joined: 01/11/2020

Thanks for the comments on my question. Maybe it should have gone into a different category like "general" so I do appreciate your feedback.

You are right - I'm actually not as concerned about the software cert companies use as about their tracking. Are there any ethical certificate companies that don't track the sites that use their certs? So the freedoms I'm concerned about are the freedoms not to be tracked and controlled by this new "licensing" of the web. Of course ISPs and hosts track activity, so you can't get around the fact that people have to run the infrastructure to make online interactions possible and they obviously track activity.

But if Let's Encrypt is backed by Torvalds, Google, Facebook and any other friends in Silicon Valley, are we fools to think they aren't collecting all stats and monetizing that? What stops any certificate company from monetizing the data boom they receive from our sites?

Another thing to be curious about is the script that Let's Encrypt runs on a server to constantly monitor and update the certificate... It may be free, open-source, inspectable, but it's still tracking constantly and each site is the data boom/sale.

So, I am still on a search for a trustable ethical cert company. If that even exists. Otherwise I will have to come to terms with the fact that it doesn't exist.

Thank you