Lets Encrypt June ToS Update: no more for US sanctioned people

9 points by gnunicorn

johnklos

What're some good non-US alternatives for Let's Encrypt?

abbe

Maybe ZeroSSL ? but their CA is signed/certified by Sectigo, which is a US based entity.
- gerikson
  
  ZeroSSL is owned (via HID Global) by Assa Abloy, a company headquartered in Sweden. But most Assa Abloy companies run their own decisions about whom to market to.
  - abbe
    
    Fair enough, although I'm not casting doubt on ZeroSSL, but if Sectigo has any say in who they can indirectly certify (i.e. Sectigo -> ZeroSSL -> sanctioned entity).
  - hoistbypetard
    
    Correct. But they're not a CA. They are a reseller of Sectigo certificates, and Sectigo (though their CA business originally came from Wales, IIRC) is very much a US entity.
    
    I think Assa Abloy also own Entrust, which ought to be Canadian, as a Nortel spinoff, but is administratively US and also not set up for $0 certificates in any form, last I checked.
    
    ZeroSSL also don't market themselves as an non-US certificate provider, likely for reasons related to the above.
- jkachmar
  
  Comment removed by author
goldstein

really unclear if they’re going to enforce it, but if they are, this will have a massive fallout in runet. for reference, more than 92% of .ru domains have let’s encrypt certs. I think this might be a wake-up call about relying on US-based orgs even for those who don’t care about runet, given that you’re essentially relying on stability of US foreign policy.
- hoistbypetard
  
  I think letsencrypt did a massive public good in paving the way for highly automated widely trusted zero cost certificates all around the internet. But now's the time for a similar entity (or five!) in a different jurisdiction to copy the letsencrypt blueprint and help make the model more resilient.