• 0 Posts
  • 10 Comments
Joined 2 years ago
Cake day: July 7th, 2023
  • just_another_person@lemmy.worldtoLinux@programming.devLets Encrypt Ending TLS Client Authentication Certificate Support in 2026
    1·
    6 days ago

    Yes, that’s the same thing. Removing it from one place, and just adding it to another. No big deal.

    I honestly don’t think many people were even using this feature compared to SSL certs. Anyone using TLS everywhere already has their own cert manager workflow, othey’d be using another system to do it ala k8s, or they’d be doing it at the network fabric instead of per-service. I can’t think of many use-cases where regular users of LE would have a TLS-enabled public service they would need other random users to trust. I’m sure there’s some, but nowhere on the scale of their SSL users.

  • just_another_person@lemmy.worldtoLinux@programming.devLets Encrypt Ending TLS Client Authentication Certificate Support in 2026
    1·
    6 days ago

    The PKI in this context is just the platform that is managing the issuing and revocation of certificates not the underlying algorithms being used, if that’s what you’re asking.

    So the LE systems that accept, check, and approve the initial request, and then handle the revocation when needed. Using a different stack for different use-cases is a best practice, simply because if one is compromised, it doesn’t affect the other. In this case it’s just splitting the standard LE web services and TLD services into two different stacks that do the same thing, but I assume would have isolated CAs, one for each use-case. This would mean a new root CA needs to be deployed out into the world in order to verify the TLS side, but maybe I’m missing something.