
So in 2019, you're saying that LE would have been fine with serving 50% of all Android users certificate errors, is that correct?

If so, what would make them suggest such a plan in the first place?



Initially, they likely didn’t think they had a choice. The root that had cross-signed them was expiring. (And I wonder if anyone else was willing to cross-sign them.) It turns out that root expirations are handled differently (i.e. ignored) on some platforms, including the relevant old Android.



