Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Had they gone ahead with their original plan as scheduled, then 1/3 of those using Android would have encountered certificate errors while attempting to browse Let's Encrypt secured websites. Since then people have moved to newer phones and the number of effected devices has drooped down to about 6%. There is still a bit more than a year left before the transition which will of course continue to move the numbers in a favorable direction.


> then 1/3 of those using Android would have encountered certificate errors while attempting to browse Let's Encrypt secured websites.

It was 50% when they announced the plan initially. :-|


So in 2019, you're saying that LE would have been fine with serving 50% of all Android users certificate errors, is that correct?

If so, what would make them suggest such a plan in the first place?


Initially, they likely didn’t think they had a choice. The root that had cross-signed them was expiring. (And I wonder if anyone else was willing to cross-sign them.) It turns out that root expirations are handled differently (i.e. ignored) on some platforms, including the relevant old Android.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: