by dividuum on 4/14/24, 4:13 AM
I'm surprised they basically choose to ignore explicitly made CAA records, if they don’t match any of their CAs. Why bother with setting up CAA records at all if they will be silently ignored?
by skybrian on 4/14/24, 4:46 AM
Most big changes like this get rolled out gradually, but an expiration date causes things to break everywhere at once. They can minimize that impact with this change. Other websites will break first.
But I wonder if they will start using Let's Encrypt again later, in a more gradual way? For example, on any new websites that launch after the expiration date?
by superkuh on 4/13/24, 11:33 PM
It's hard to criticize them for this in this context and I think that's the point. Otherwise, "We are dumping Lets Encrypt and switching to some CA" doesn't sound quite as nice.
by blissofbeing on 4/14/24, 2:43 PM
Which CAs will they be using instead?
by encom on 4/13/24, 11:27 PM
>MITM-as-a-Service switches CA.
by behringer on 4/13/24, 11:54 PM
Someone should tell cloudlare that certificates expire for a reason.
by floodedburner on 4/14/24, 12:20 PM
Read this as LE = Law Enforcement
What a poor title change.