| author | ache <ache@ache.one> | 2026-06-24 05:43:22 +0200 |
|---|---|---|
| committer | ache <ache@ache.one> | 2026-06-24 05:44:28 +0200 |
| commit | b25f607c6719d7e6ab08c94d1da744956b18cdf8 (patch) | |
| tree | d096b46045c83caa99053ddff22f75e4d280c106 | |
| parent | Improve dark mode support (diff) | |
Add an article on Let's Encrypt and the USA
| -rw-r--r-- | notes/res/certificat-signed-usa-alt.svg | 21 |
| -rw-r--r-- | notes/res/certificat-signed-usa-dark.svg | 22 |
| -rw-r--r-- | notes/res/certificat-signed-usa-light.svg | 22 |
| -rw-r--r-- | notes/res/certificate_loaded_dep_last_month.png | bin 0 -> 34055 bytes |
| -rw-r--r-- | notes/res/certificate_visited_dep_last_month.png | bin 0 -> 31539 bytes |
| -rw-r--r-- | notes/res/cloudflare_dashboard_certificate_issuers.png | bin 0 -> 853544 bytes |
| -rw-r--r-- | notes/the-us-lock-of-the-web.md | 185 |
| -rw-r--r-- | notes/verrou-états-unien-du-web.md | 198 |
8 files changed, 448 insertions, 0 deletions
diff --git a/notes/res/certificat-signed-usa-alt.svg b/notes/res/certificat-signed-usa-alt.svg new file mode 100644 index 0000000..f623953 --- /dev/null +++ b/notes/res/certificat-signed-usa-alt.svg 
@@ -0,0 +1,21 @@ +<svg:svg xmlns:svg="http://www.w3.org/2000/svg" width="215" height="215" fill="none" version="1.1" viewBox="0 0 215.493 215.493"> + <svg:defs> + <svg:style><![CDATA[ + .light-dark-pref { + stroke: #1a1b1c; + } + @media (prefers-color-scheme: dark) { + .light-dark-pref { + stroke: white; + } + } + .light { + stroke: #1a1b1c; + } + .dark { + stroke: white; + } + ]]></svg:style> + </svg:defs> + <svg:path stroke-dasharray="6, 3" stroke-width="1.849" d="m 107.20009,8.8400154 21.80278,16.5838846 27.17395,-3.460579 10.58959,25.263491 25.26402,10.58993 -3.46058,27.173948 16.58369,21.80278 -16.58369,21.80277 3.46058,27.17395 -25.26402,10.5896 -10.58959,25.26402 -27.17395,-3.46057 -21.80278,16.58368 L 85.397306,188.16324 58.223357,191.62381 47.633766,166.35979 22.369741,155.77019 25.830318,128.59624 9.2466353,106.79347 25.830318,84.99069 22.369741,57.816742 47.633766,47.226812 58.223357,21.963321 85.397306,25.4239 Z" class="anim rev light-dark-pref"><svg:animate attributeName="stroke-dashoffset" calcMode="linear" dur="2s" repeatCount="indefinite" values="18;0"/></svg:path><svg:path fill="#d6fff8" stroke="#1a1b1f" stroke-width="1.927" d="m 64.255208,45.81924 h 70.884212 l 18.08225,24.386957 V 165.80548 H 64.255208 Z" style="fill:#fff880;fill-opacity:1"/><svg:path stroke="#1a1b1f" stroke-width="1.927" d="m 134.84017,45.81924 v 24.79054 h 18.3815"/><svg:line x1="73.078" x2="128.958" y1="81.518" y2="81.518" stroke="#1a1b1f" stroke-width="1.927"/><svg:line x1="73.078" x2="110.577" y1="94.409" y2="94.409" stroke="#1a1b1f" stroke-width="1.927"/><script/><svg:path d="m 9.836065,2.0341911 c 0.112518,0.038276 0.222436,0.083805 0.329064,0.1363026 l 1.282734,0.6315458 c 0.348138,0.1714034 0.756137,0.1714034 1.104274,0 l 1.282734,-0.6315458 c 1.362589,-0.6708615 3.011025,-0.1101062 3.681887,1.2524821 l 0.07348,0.1623228 0.06282,0.1667409 0.460459,1.3536002 c 0.12497,0.3673712 0.413469,0.65587 0.78084,0.7808401 l 1.353601,0.4604596 c 1.437866,0.4891247 2.206973,2.0512594 
1.717848,3.4891256 -0.03828,0.112518 -0.08381,0.222436 -0.136303,0.329064 l -0.631546,1.282734 c -0.171403,0.348138 -0.171403,0.756137 0,1.104274 l 0.631546,1.282734 c 0.670862,1.362589 0.110106,3.011025 -1.252482,3.681887 -0.106627,0.0525 -0.216545,0.09803 -0.329063,0.136303 L 18.89436,18.11352 c -0.367371,0.12497 -0.65587,0.413469 -0.78084,0.78084 l -0.460459,1.353601 c -0.489125,1.437866 -2.05126,2.206973 -3.489126,1.717848 -0.112518,-0.03828 -0.222436,-0.08381 -0.329064,-0.136303 L 12.552137,21.19796 c -0.348137,-0.171403 -0.756136,-0.171403 -1.104274,0 l -1.282734,0.631546 C 8.8025404,22.500368 7.1541036,21.939612 6.4832421,20.577024 6.4307448,20.470397 6.3852151,20.360479 6.3469394,20.247961 L 5.8864798,18.89436 C 5.7615097,18.526989 5.4730109,18.23849 5.1056397,18.11352 L 3.7520395,17.653061 c -1.4378662,-0.489125 -2.2069731,-2.05126 -1.7178484,-3.489126 0.038276,-0.112518 0.083805,-0.222436 0.1363026,-0.329064 l 0.6315458,-1.282734 c 0.1714034,-0.348137 0.1714034,-0.756136 0,-1.104274 L 2.1704937,10.165129 C 1.4996322,8.8025404 2.0603875,7.1541036 3.4229758,6.4832421 3.5296031,6.4307448 3.6395214,6.3852151 3.7520395,6.3469394 L 5.1056397,5.8864798 C 5.4730109,5.7615097 5.7615097,5.4730109 5.8864798,5.1056397 L 6.3469394,3.7520395 C 6.8360641,2.3141733 8.3981988,1.5450664 9.836065,2.0341911 Z M 15.46967,8.9696699 10.050399,14.388941 8.076166,12.019862 C 7.8109929,11.701654 7.3380694,11.658661 7.0198617,11.923834 6.701654,12.189007 6.658661,12.661931 6.923834,12.980138 l 2.5,3 c 0.2823364,0.338804 0.794645,0.362043 1.106496,0.05019 l 6,-6 c 0.292893,-0.2928931 0.292893,-0.7677669 0,-1.0606601 -0.292893,-0.2928932 -0.767767,-0.2928932 -1.06066,0 z" style="fill:#80b7ff;fill-opacity:1;stroke:none;stroke-width:.429579;stroke-dasharray:none;stroke-opacity:.46557" transform="matrix(2.1092 0 0 2.1092 102.13 114.153)"/> +<svg:g transform="scale(0.47) translate(155, 115)"><svg:path d="M3.03 0h49.13c1.67 0 3.03 1.36 3.03 3.03v32.33c0 1.67-1.36 3.03-3.03 3.03H3.03A3.02 
3.02 0 0 1 0 35.37V3.03C0 1.36 1.36 0 3.03 0" style="fill:#b22234"/><svg:path d="M.02 2.73h55.17c.01.1.02.2.02.31v2.94H0V3.03c0-.1.01-.2.02-.3M55.2 8.67v3.24H0V8.67zm0 5.94v3.24H0v-3.24zm0 5.94v3.24H0v-3.24zm0 5.94v3.24H0v-3.24zm0 5.94v2.93c0 .1-.01.21-.02.31H.02c-.01-.09-.02-.2-.02-.3v-2.93h55.2z" fill="#FFF"/><svg:path d="M20.8 0v20.68H0V3.03C0 1.36 1.36 0 3.03 0z" style="fill:#3c3b6e"/><svg:path d="m1.23 2.86.69 2.15L.1 3.68h2.26L.53 5.01zM1.23 7.02l.69 2.15L.1 7.84h2.26L.53 9.17zM1.23 11.18l.69 2.15L.1 12h2.26L.53 13.33zM1.23 15.34l.69 2.15L.1 16.16h2.26L.53 17.49zM3.67.78l.7 2.15L2.54 1.6h2.27L2.97 2.93zM3.67 4.94l.7 2.15-1.83-1.33h2.27L2.97 7.09zM3.67 9.1l.7 2.15-1.83-1.33h2.27l-1.84 1.33zM3.67 13.26l.7 2.15-1.83-1.33h2.27l-1.84 1.33zM3.67 17.42l.7 2.15-1.83-1.33h2.27l-1.84 1.33zM6.12 2.86l.7 2.15-1.83-1.33h2.26L5.42 5.01zM6.12 7.02l.7 2.15-1.83-1.33h2.26L5.42 9.17zM6.12 11.18l.7 2.15L4.99 12h2.26l-1.83 1.33zM6.12 15.34l.7 2.15-1.83-1.33h2.26l-1.83 1.33zM8.57.78l.69 2.15L7.44 1.6H9.7L7.87 2.93zM8.57 4.94l.69 2.15-1.82-1.33H9.7L7.87 7.09zM8.57 9.1l.69 2.15-1.82-1.33H9.7l-1.83 1.33zM8.57 13.26l.69 2.15-1.82-1.33H9.7l-1.83 1.33zM8.57 17.42l.69 2.15-1.82-1.33H9.7l-1.83 1.33zM11.01 2.86l.7 2.15-1.83-1.33h2.26l-1.83 1.33zM11.01 7.02l.7 2.15-1.83-1.33h2.26l-1.83 1.33zM11.01 11.18l.7 2.15L9.88 12h2.26l-1.83 1.33zM11.01 15.34l.7 2.15-1.83-1.33h2.26l-1.83 1.33zM13.46.78l.7 2.15-1.83-1.33h2.26l-1.83 1.33zM13.46 4.94l.7 2.15-1.83-1.33h2.26l-1.83 1.33zM13.46 9.1l.7 2.15-1.83-1.33h2.26l-1.83 1.33zM13.46 13.26l.7 2.15-1.83-1.33h2.26l-1.83 1.33zM13.46 17.42l.7 2.15-1.83-1.33h2.26l-1.83 1.33zM15.9 2.86l.7 2.15-1.83-1.33h2.26l-1.82 1.33zM15.9 7.02l.7 2.15-1.83-1.33h2.26l-1.82 1.33zM15.9 11.18l.7 2.15L14.77 12h2.26l-1.82 1.33zM15.9 15.34l.7 2.15-1.83-1.33h2.26l-1.82 1.33zM18.35.78l.7 2.15-1.83-1.33h2.26l-1.83 1.33zM18.35 4.94l.7 2.15-1.83-1.33h2.26l-1.83 1.33zM18.35 9.1l.7 2.15-1.83-1.33h2.26l-1.83 1.33zM18.35 13.26l.7 2.15-1.83-1.33h2.26l-1.83 1.33zM18.35 17.42l.7 
2.15-1.83-1.33h2.26l-1.83 1.33z"/></svg:g></svg:svg> diff --git a/notes/res/certificat-signed-usa-dark.svg b/notes/res/certificat-signed-usa-dark.svg new file mode 100644 index 0000000..f157db9 --- /dev/null +++ b/notes/res/certificat-signed-usa-dark.svg 
@@ -0,0 +1,22 @@ +<svg:svg xmlns:svg="http://www.w3.org/2000/svg" width="215" height="215" fill="none" version="1.1" viewBox="0 0 215.493 215.493"> + <svg:defs> + <svg:style><![CDATA[ + .light-dark-pref { + stroke: #1a1b1c; + } + @media (prefers-color-scheme: dark) { + .light-dark-pref { + stroke: white; + } + } + .light { + stroke: #1a1b1c; + } + .dark { + stroke: white; + } + ]]></svg:style> + </svg:defs> + + <svg:path stroke-dasharray="6, 3" stroke-width="1.849" d="m 107.20009,8.8400154 21.80278,16.5838846 27.17395,-3.460579 10.58959,25.263491 25.26402,10.58993 -3.46058,27.173948 16.58369,21.80278 -16.58369,21.80277 3.46058,27.17395 -25.26402,10.5896 -10.58959,25.26402 -27.17395,-3.46057 -21.80278,16.58368 L 85.397306,188.16324 58.223357,191.62381 47.633766,166.35979 22.369741,155.77019 25.830318,128.59624 9.2466353,106.79347 25.830318,84.99069 22.369741,57.816742 47.633766,47.226812 58.223357,21.963321 85.397306,25.4239 Z" class="anim rev dark"><svg:animate attributeName="stroke-dashoffset" calcMode="linear" dur="2s" repeatCount="indefinite" values="18;0"/></svg:path><svg:path fill="#d6fff8" stroke="#1a1b1f" stroke-width="1.927" d="m 64.255208,45.81924 h 70.884212 l 18.08225,24.386957 V 165.80548 H 64.255208 Z" style="fill:#fff880;fill-opacity:1"/><svg:path stroke="#1a1b1f" stroke-width="1.927" d="m 134.84017,45.81924 v 24.79054 h 18.3815"/><svg:line x1="73.078" x2="128.958" y1="81.518" y2="81.518" stroke="#1a1b1f" stroke-width="1.927"/><svg:line x1="73.078" x2="110.577" y1="94.409" y2="94.409" stroke="#1a1b1f" stroke-width="1.927"/><script/><svg:path d="m 9.836065,2.0341911 c 0.112518,0.038276 0.222436,0.083805 0.329064,0.1363026 l 1.282734,0.6315458 c 0.348138,0.1714034 0.756137,0.1714034 1.104274,0 l 1.282734,-0.6315458 c 1.362589,-0.6708615 3.011025,-0.1101062 3.681887,1.2524821 l 0.07348,0.1623228 0.06282,0.1667409 0.460459,1.3536002 c 0.12497,0.3673712 0.413469,0.65587 0.78084,0.7808401 l 1.353601,0.4604596 c 1.437866,0.4891247 2.206973,2.0512594 
1.717848,3.4891256 -0.03828,0.112518 -0.08381,0.222436 -0.136303,0.329064 l -0.631546,1.282734 c -0.171403,0.348138 -0.171403,0.756137 0,1.104274 l 0.631546,1.282734 c 0.670862,1.362589 0.110106,3.011025 -1.252482,3.681887 -0.106627,0.0525 -0.216545,0.09803 -0.329063,0.136303 L 18.89436,18.11352 c -0.367371,0.12497 -0.65587,0.413469 -0.78084,0.78084 l -0.460459,1.353601 c -0.489125,1.437866 -2.05126,2.206973 -3.489126,1.717848 -0.112518,-0.03828 -0.222436,-0.08381 -0.329064,-0.136303 L 12.552137,21.19796 c -0.348137,-0.171403 -0.756136,-0.171403 -1.104274,0 l -1.282734,0.631546 C 8.8025404,22.500368 7.1541036,21.939612 6.4832421,20.577024 6.4307448,20.470397 6.3852151,20.360479 6.3469394,20.247961 L 5.8864798,18.89436 C 5.7615097,18.526989 5.4730109,18.23849 5.1056397,18.11352 L 3.7520395,17.653061 c -1.4378662,-0.489125 -2.2069731,-2.05126 -1.7178484,-3.489126 0.038276,-0.112518 0.083805,-0.222436 0.1363026,-0.329064 l 0.6315458,-1.282734 c 0.1714034,-0.348137 0.1714034,-0.756136 0,-1.104274 L 2.1704937,10.165129 C 1.4996322,8.8025404 2.0603875,7.1541036 3.4229758,6.4832421 3.5296031,6.4307448 3.6395214,6.3852151 3.7520395,6.3469394 L 5.1056397,5.8864798 C 5.4730109,5.7615097 5.7615097,5.4730109 5.8864798,5.1056397 L 6.3469394,3.7520395 C 6.8360641,2.3141733 8.3981988,1.5450664 9.836065,2.0341911 Z M 15.46967,8.9696699 10.050399,14.388941 8.076166,12.019862 C 7.8109929,11.701654 7.3380694,11.658661 7.0198617,11.923834 6.701654,12.189007 6.658661,12.661931 6.923834,12.980138 l 2.5,3 c 0.2823364,0.338804 0.794645,0.362043 1.106496,0.05019 l 6,-6 c 0.292893,-0.2928931 0.292893,-0.7677669 0,-1.0606601 -0.292893,-0.2928932 -0.767767,-0.2928932 -1.06066,0 z" style="fill:#80b7ff;fill-opacity:1;stroke:none;stroke-width:.429579;stroke-dasharray:none;stroke-opacity:.46557" transform="matrix(2.1092 0 0 2.1092 102.13 114.153)"/> +<svg:g transform="scale(0.47) translate(155, 115)"><svg:path d="M3.03 0h49.13c1.67 0 3.03 1.36 3.03 3.03v32.33c0 1.67-1.36 3.03-3.03 3.03H3.03A3.02 
3.02 0 0 1 0 35.37V3.03C0 1.36 1.36 0 3.03 0" style="fill:#b22234"/><svg:path d="M.02 2.73h55.17c.01.1.02.2.02.31v2.94H0V3.03c0-.1.01-.2.02-.3M55.2 8.67v3.24H0V8.67zm0 5.94v3.24H0v-3.24zm0 5.94v3.24H0v-3.24zm0 5.94v3.24H0v-3.24zm0 5.94v2.93c0 .1-.01.21-.02.31H.02c-.01-.09-.02-.2-.02-.3v-2.93h55.2z" fill="#FFF"/><svg:path d="M20.8 0v20.68H0V3.03C0 1.36 1.36 0 3.03 0z" style="fill:#3c3b6e"/><svg:path d="m1.23 2.86.69 2.15L.1 3.68h2.26L.53 5.01zM1.23 7.02l.69 2.15L.1 7.84h2.26L.53 9.17zM1.23 11.18l.69 2.15L.1 12h2.26L.53 13.33zM1.23 15.34l.69 2.15L.1 16.16h2.26L.53 17.49zM3.67.78l.7 2.15L2.54 1.6h2.27L2.97 2.93zM3.67 4.94l.7 2.15-1.83-1.33h2.27L2.97 7.09zM3.67 9.1l.7 2.15-1.83-1.33h2.27l-1.84 1.33zM3.67 13.26l.7 2.15-1.83-1.33h2.27l-1.84 1.33zM3.67 17.42l.7 2.15-1.83-1.33h2.27l-1.84 1.33zM6.12 2.86l.7 2.15-1.83-1.33h2.26L5.42 5.01zM6.12 7.02l.7 2.15-1.83-1.33h2.26L5.42 9.17zM6.12 11.18l.7 2.15L4.99 12h2.26l-1.83 1.33zM6.12 15.34l.7 2.15-1.83-1.33h2.26l-1.83 1.33zM8.57.78l.69 2.15L7.44 1.6H9.7L7.87 2.93zM8.57 4.94l.69 2.15-1.82-1.33H9.7L7.87 7.09zM8.57 9.1l.69 2.15-1.82-1.33H9.7l-1.83 1.33zM8.57 13.26l.69 2.15-1.82-1.33H9.7l-1.83 1.33zM8.57 17.42l.69 2.15-1.82-1.33H9.7l-1.83 1.33zM11.01 2.86l.7 2.15-1.83-1.33h2.26l-1.83 1.33zM11.01 7.02l.7 2.15-1.83-1.33h2.26l-1.83 1.33zM11.01 11.18l.7 2.15L9.88 12h2.26l-1.83 1.33zM11.01 15.34l.7 2.15-1.83-1.33h2.26l-1.83 1.33zM13.46.78l.7 2.15-1.83-1.33h2.26l-1.83 1.33zM13.46 4.94l.7 2.15-1.83-1.33h2.26l-1.83 1.33zM13.46 9.1l.7 2.15-1.83-1.33h2.26l-1.83 1.33zM13.46 13.26l.7 2.15-1.83-1.33h2.26l-1.83 1.33zM13.46 17.42l.7 2.15-1.83-1.33h2.26l-1.83 1.33zM15.9 2.86l.7 2.15-1.83-1.33h2.26l-1.82 1.33zM15.9 7.02l.7 2.15-1.83-1.33h2.26l-1.82 1.33zM15.9 11.18l.7 2.15L14.77 12h2.26l-1.82 1.33zM15.9 15.34l.7 2.15-1.83-1.33h2.26l-1.82 1.33zM18.35.78l.7 2.15-1.83-1.33h2.26l-1.83 1.33zM18.35 4.94l.7 2.15-1.83-1.33h2.26l-1.83 1.33zM18.35 9.1l.7 2.15-1.83-1.33h2.26l-1.83 1.33zM18.35 13.26l.7 2.15-1.83-1.33h2.26l-1.83 1.33zM18.35 17.42l.7 
2.15-1.83-1.33h2.26l-1.83 1.33z"/></svg:g></svg:svg> diff --git a/notes/res/certificat-signed-usa-light.svg b/notes/res/certificat-signed-usa-light.svg new file mode 100644 index 0000000..85fdae2 --- /dev/null +++ b/notes/res/certificat-signed-usa-light.svg 
@@ -0,0 +1,22 @@ +<svg:svg xmlns:svg="http://www.w3.org/2000/svg" width="215" height="215" fill="none" version="1.1" viewBox="0 0 215.493 215.493"> + <svg:defs> + <svg:style><![CDATA[ + .light-dark-pref { + stroke: #1a1b1c; + } + @media (prefers-color-scheme: dark) { + .light-dark-pref { + stroke: white; + } + } + .light { + stroke: #1a1b1c; + } + .dark { + stroke: white; + } + ]]></svg:style> + </svg:defs> + + <svg:path stroke-dasharray="6, 3" stroke-width="1.849" d="m 107.20009,8.8400154 21.80278,16.5838846 27.17395,-3.460579 10.58959,25.263491 25.26402,10.58993 -3.46058,27.173948 16.58369,21.80278 -16.58369,21.80277 3.46058,27.17395 -25.26402,10.5896 -10.58959,25.26402 -27.17395,-3.46057 -21.80278,16.58368 L 85.397306,188.16324 58.223357,191.62381 47.633766,166.35979 22.369741,155.77019 25.830318,128.59624 9.2466353,106.79347 25.830318,84.99069 22.369741,57.816742 47.633766,47.226812 58.223357,21.963321 85.397306,25.4239 Z" class="anim rev light"><svg:animate attributeName="stroke-dashoffset" calcMode="linear" dur="2s" repeatCount="indefinite" values="18;0"/></svg:path><svg:path fill="#d6fff8" stroke="#1a1b1f" stroke-width="1.927" d="m 64.255208,45.81924 h 70.884212 l 18.08225,24.386957 V 165.80548 H 64.255208 Z" style="fill:#fff880;fill-opacity:1"/><svg:path stroke="#1a1b1f" stroke-width="1.927" d="m 134.84017,45.81924 v 24.79054 h 18.3815"/><svg:line x1="73.078" x2="128.958" y1="81.518" y2="81.518" stroke="#1a1b1f" stroke-width="1.927"/><svg:line x1="73.078" x2="110.577" y1="94.409" y2="94.409" stroke="#1a1b1f" stroke-width="1.927"/><script/><svg:path d="m 9.836065,2.0341911 c 0.112518,0.038276 0.222436,0.083805 0.329064,0.1363026 l 1.282734,0.6315458 c 0.348138,0.1714034 0.756137,0.1714034 1.104274,0 l 1.282734,-0.6315458 c 1.362589,-0.6708615 3.011025,-0.1101062 3.681887,1.2524821 l 0.07348,0.1623228 0.06282,0.1667409 0.460459,1.3536002 c 0.12497,0.3673712 0.413469,0.65587 0.78084,0.7808401 l 1.353601,0.4604596 c 1.437866,0.4891247 2.206973,2.0512594 
1.717848,3.4891256 -0.03828,0.112518 -0.08381,0.222436 -0.136303,0.329064 l -0.631546,1.282734 c -0.171403,0.348138 -0.171403,0.756137 0,1.104274 l 0.631546,1.282734 c 0.670862,1.362589 0.110106,3.011025 -1.252482,3.681887 -0.106627,0.0525 -0.216545,0.09803 -0.329063,0.136303 L 18.89436,18.11352 c -0.367371,0.12497 -0.65587,0.413469 -0.78084,0.78084 l -0.460459,1.353601 c -0.489125,1.437866 -2.05126,2.206973 -3.489126,1.717848 -0.112518,-0.03828 -0.222436,-0.08381 -0.329064,-0.136303 L 12.552137,21.19796 c -0.348137,-0.171403 -0.756136,-0.171403 -1.104274,0 l -1.282734,0.631546 C 8.8025404,22.500368 7.1541036,21.939612 6.4832421,20.577024 6.4307448,20.470397 6.3852151,20.360479 6.3469394,20.247961 L 5.8864798,18.89436 C 5.7615097,18.526989 5.4730109,18.23849 5.1056397,18.11352 L 3.7520395,17.653061 c -1.4378662,-0.489125 -2.2069731,-2.05126 -1.7178484,-3.489126 0.038276,-0.112518 0.083805,-0.222436 0.1363026,-0.329064 l 0.6315458,-1.282734 c 0.1714034,-0.348137 0.1714034,-0.756136 0,-1.104274 L 2.1704937,10.165129 C 1.4996322,8.8025404 2.0603875,7.1541036 3.4229758,6.4832421 3.5296031,6.4307448 3.6395214,6.3852151 3.7520395,6.3469394 L 5.1056397,5.8864798 C 5.4730109,5.7615097 5.7615097,5.4730109 5.8864798,5.1056397 L 6.3469394,3.7520395 C 6.8360641,2.3141733 8.3981988,1.5450664 9.836065,2.0341911 Z M 15.46967,8.9696699 10.050399,14.388941 8.076166,12.019862 C 7.8109929,11.701654 7.3380694,11.658661 7.0198617,11.923834 6.701654,12.189007 6.658661,12.661931 6.923834,12.980138 l 2.5,3 c 0.2823364,0.338804 0.794645,0.362043 1.106496,0.05019 l 6,-6 c 0.292893,-0.2928931 0.292893,-0.7677669 0,-1.0606601 -0.292893,-0.2928932 -0.767767,-0.2928932 -1.06066,0 z" style="fill:#80b7ff;fill-opacity:1;stroke:none;stroke-width:.429579;stroke-dasharray:none;stroke-opacity:.46557" transform="matrix(2.1092 0 0 2.1092 102.13 114.153)"/> +<svg:g transform="scale(0.47) translate(155, 115)"><svg:path d="M3.03 0h49.13c1.67 0 3.03 1.36 3.03 3.03v32.33c0 1.67-1.36 3.03-3.03 3.03H3.03A3.02 
3.02 0 0 1 0 35.37V3.03C0 1.36 1.36 0 3.03 0" style="fill:#b22234"/><svg:path d="M.02 2.73h55.17c.01.1.02.2.02.31v2.94H0V3.03c0-.1.01-.2.02-.3M55.2 8.67v3.24H0V8.67zm0 5.94v3.24H0v-3.24zm0 5.94v3.24H0v-3.24zm0 5.94v3.24H0v-3.24zm0 5.94v2.93c0 .1-.01.21-.02.31H.02c-.01-.09-.02-.2-.02-.3v-2.93h55.2z" fill="#FFF"/><svg:path d="M20.8 0v20.68H0V3.03C0 1.36 1.36 0 3.03 0z" style="fill:#3c3b6e"/><svg:path d="m1.23 2.86.69 2.15L.1 3.68h2.26L.53 5.01zM1.23 7.02l.69 2.15L.1 7.84h2.26L.53 9.17zM1.23 11.18l.69 2.15L.1 12h2.26L.53 13.33zM1.23 15.34l.69 2.15L.1 16.16h2.26L.53 17.49zM3.67.78l.7 2.15L2.54 1.6h2.27L2.97 2.93zM3.67 4.94l.7 2.15-1.83-1.33h2.27L2.97 7.09zM3.67 9.1l.7 2.15-1.83-1.33h2.27l-1.84 1.33zM3.67 13.26l.7 2.15-1.83-1.33h2.27l-1.84 1.33zM3.67 17.42l.7 2.15-1.83-1.33h2.27l-1.84 1.33zM6.12 2.86l.7 2.15-1.83-1.33h2.26L5.42 5.01zM6.12 7.02l.7 2.15-1.83-1.33h2.26L5.42 9.17zM6.12 11.18l.7 2.15L4.99 12h2.26l-1.83 1.33zM6.12 15.34l.7 2.15-1.83-1.33h2.26l-1.83 1.33zM8.57.78l.69 2.15L7.44 1.6H9.7L7.87 2.93zM8.57 4.94l.69 2.15-1.82-1.33H9.7L7.87 7.09zM8.57 9.1l.69 2.15-1.82-1.33H9.7l-1.83 1.33zM8.57 13.26l.69 2.15-1.82-1.33H9.7l-1.83 1.33zM8.57 17.42l.69 2.15-1.82-1.33H9.7l-1.83 1.33zM11.01 2.86l.7 2.15-1.83-1.33h2.26l-1.83 1.33zM11.01 7.02l.7 2.15-1.83-1.33h2.26l-1.83 1.33zM11.01 11.18l.7 2.15L9.88 12h2.26l-1.83 1.33zM11.01 15.34l.7 2.15-1.83-1.33h2.26l-1.83 1.33zM13.46.78l.7 2.15-1.83-1.33h2.26l-1.83 1.33zM13.46 4.94l.7 2.15-1.83-1.33h2.26l-1.83 1.33zM13.46 9.1l.7 2.15-1.83-1.33h2.26l-1.83 1.33zM13.46 13.26l.7 2.15-1.83-1.33h2.26l-1.83 1.33zM13.46 17.42l.7 2.15-1.83-1.33h2.26l-1.83 1.33zM15.9 2.86l.7 2.15-1.83-1.33h2.26l-1.82 1.33zM15.9 7.02l.7 2.15-1.83-1.33h2.26l-1.82 1.33zM15.9 11.18l.7 2.15L14.77 12h2.26l-1.82 1.33zM15.9 15.34l.7 2.15-1.83-1.33h2.26l-1.82 1.33zM18.35.78l.7 2.15-1.83-1.33h2.26l-1.83 1.33zM18.35 4.94l.7 2.15-1.83-1.33h2.26l-1.83 1.33zM18.35 9.1l.7 2.15-1.83-1.33h2.26l-1.83 1.33zM18.35 13.26l.7 2.15-1.83-1.33h2.26l-1.83 1.33zM18.35 17.42l.7 
2.15-1.83-1.33h2.26l-1.83 1.33z"/></svg:g></svg:svg> diff --git a/notes/res/certificate_loaded_dep_last_month.png b/notes/res/certificate_loaded_dep_last_month.png Binary files differnew file mode 100644 index 0000000..a148362 --- /dev/null +++ b/notes/res/certificate_loaded_dep_last_month.png diff --git a/notes/res/certificate_visited_dep_last_month.png b/notes/res/certificate_visited_dep_last_month.png Binary files differnew file mode 100644 index 0000000..02a507c --- /dev/null +++ b/notes/res/certificate_visited_dep_last_month.png diff --git a/notes/res/cloudflare_dashboard_certificate_issuers.png b/notes/res/cloudflare_dashboard_certificate_issuers.png Binary files differnew file mode 100644 index 0000000..2c3d414 --- /dev/null +++ b/notes/res/cloudflare_dashboard_certificate_issuers.png diff --git a/notes/the-us-lock-of-the-web.md b/notes/the-us-lock-of-the-web.md new file mode 100644 index 0000000..e6298e2 --- /dev/null +++ b/notes/the-us-lock-of-the-web.md 
@@ -0,0 +1,185 @@ +--- +pubDate = 2026-06-19T05:18:46 +tags = ['https', 'web', 'cryptography'] +lang = "en" +type = "note" + +[author] +name = "ache" +email = "ache@ache.one" + +[[alt_lang]] +lang = "fr" +url = "/notes/verrou-états-unien-du-web" +--- + +# The us lock of the Web + + +Let's talk about **Let's Encrypt**. + +Recently, if you haven't noticed, **Let's Encrypt**, the world's leading Certificate Authority, has added to its terms of use that [it applies U.S. sanctions](https://linuxiac.com/lets-encrypt-certificate-rules-now-include-u-s-sanctions-warranties/). +This isn't surprising, but it raises questions. +The application of U.S. law to critical web infrastructure constitutes a major geopolitical weapon. + +::::details +What is _Let's Encrypt_ ? + +**Let's Encrypt** is the most well-known web certificate authority in the world. + +Stemming from a collaborative effort by Mozilla and the Electronic Frontier Foundation, the most active non-profit organization defending digital rights, Let's Encrypt has truly contributed to installing the little HTTPS padlock icon in your navigation bar. + +:::attention +If you don't know what Let's Encrypt or a certificate authority is, then this blog post may not be entirely for you. Simply understand that we are talking about the padlock in your browser's address bar. +::: + +In order to democratize the use of HTTPS, Let's Encrypt revolutionized certification in two points: + +- _Free Of Charge._ Certification by Let's Encrypt is free, period. For competitors in 2014, a certificate cost VERY expensive. Even today, it is the factor that most actors choose **Let's Encrypt**. For information, a certificate costs €188/year at [GlobalSign]... for [a generic certificate] at sectigo. +- _Automation._ While retrieving a certificate in 2014 required a long verification process, payment, and then manual renewal, Let's Encrypt automates everything. This facilitates everyone's work and contributes to a safer web. 
+ +:::: + +## Dependence on Let's Encrypt + +A year ago, [Stéphane Bortzmeyer] posted on Mastodon that 80% of certificates on the web came from **Let's Encrypt**. +Naturally, I wanted to verify this. +In particular, I wanted to check to what extent _I was, myself_, an average European, dependent on _Let's Encrypt_.[^ca_ache.one] + +[^ca_ache.one]: Just for information, all my certificates are issued by _Let's Encrypt_, including the one for this website. + +My first idea was to retrieve data from a [Certificate Transparency Log](https://letsencrypt.org/fr/docs/ct-logs/). +However, this does not translate my concrete dependency on **Let's Encrypt** and requires many resources. +A log the size of which is counted in tens of terabytes, I will therefore let them make their own statistics. +It turns out that Cloudflare has an existing dashboard regarding this: + +[](https://radar.cloudflare.com/explorer?dataSet=ct&groupBy=ca_owner&filters=uniqueEntries%253Dtrue) + +:::details +From Cloudflare's data: + +| | CA | Percentage of issued certificats | +| --: | :-------------------- | -------------------------------: | +| 1 | Let's Encrypt | 52% | +| 2 | Google Trust Services | 17% | +| 3 | Sertigo | 15% | +| 4 | GoDaddy | 6% | +| 5 | Amazon | 4% | +| 6 | DigiCert | 2.5% | +| 7 | Microsoft | 1.4% | +| 8 | SSL.com | 0.69 | + +If one includes multiple certificates, that is, several certificates for the same domain name, for example. +Then **Let's Encrypt** is slightly more productive proportionally, but this does not change the order of importance of each certificate authority (except GoDaddy). + +::: + +To analyze my personal reliance on Let's Encrypt, I rather opted for a web plugin to install in Firefox. +This analyzes all the sites that I visit and records the associated certificate authority upon the website’s first visit (within the current month). +I present [Cert Check] (https://addons.mozilla.org/fr/firefox/addon/cert-check/). 
+ +I installed this extension last year on all my devices. +I can therefore be very precise regarding my concrete dependence on each certificate authority + +## Is there a monopole for Let's Encrypt? + +Yes, Let's Encrypt is indeed the most used certification authority by the sites that I visit. +But no, it is not 80% of the sites I visit and it remains less than Cloudflare's figures/numbers. + +Over the last month: + +| | CA | Percentage visited | +| --: | :-------------------- | -----------------: | +| 1 | Let's Encrypt | 46.098 | +| 2 | Google Trust Services | 32.40 | +| 3 | DigiCert | 7.58 | +| 4 | Amazon | 5.26 | +| 5 | GlobalSign | 2.93 | +| 6 | Sectigo | 2.93 | +| 7 | USERTrust | 1.34 | +| 8 | Go Daddy | 0.37 | +| 9 | Certigna | 0.37 | +| 10 | HARICA | 0.37 | +| 11 | SSL.com | 0.24 | +| 12 | SwissSign | 0.12 | + + + +However, if I take into account all the sites that Firefox has requested, not only those that I visited, it is Google which is the most prolific certificate authority. + +:::note +"Visited sites" are those that appeared in my navigation bar. +"Requested websites" are those where my browser made an HTTPS request, such as an image displayed on a webpage hosted by another site (which I did not visit directly). 
+::: + +For the last month: + +| | CA | Percentage loaded | +| --: | :-------------------- | ----------------: | +| 1 | Google Trust Services | 29.76 | +| 2 | Let's Encrypt | 28.97 | +| 3 | GlobalSign | 12.67 | +| 4 | Amazon | 11.36 | +| 5 | DigiCert | 8.43 | +| 6 | USERTrust | 3.82 | +| 7 | Sectigo | 2.07 | +| 8 | Go Daddy | 1.52 | +| 9 | HARICA | 0.42 | +| 10 | SSL.com | 0.26 | +| 11 | Buypass | 0.23 | +| 12 | Certigna | 0.19 | +| 13 | Certum | 0.07 | +| 14 | COMODO RSA | 0.06 | +| 15 | Deutsche Telekom | 0.06 | +| 16 | IdenTrust | 0.03 | +| 17 | Entrust | 0.02 | +| 18 | Actalis | 0.02 | +| 19 | SwissSign | 0.02 | +| 20 | emSign | 0.005 | + + + +Thus, approximately 46% of the sites I visit have a certificate issued by Let's Encrypt, and 30% of the certificates my browser has used are from Google. My concrete dependence on Google is astonishing, especially if we take into account that I do not use a Google account daily and that it is not even my default search engine! + +## A U.S. Dependence / An American Dependence + +Many actors were offended when _Let's Encrypt_ modified its terms of use, but few people denounced the American hegemony over the certification infrastructure. +What my small experience highlights is not only that _Let's Encrypt_ is the Achilles' heel of security on the Internet. + +It also means that the **United States signed more than 95% of the certificates of websites that I visited**. +The first non-U.S. issuer is [GlobalSign](https://en.wikipedia.org/wiki/GlobalSign) (Having its headquarters in Europe, but now more global than European) which signed 3% of the certificates; the second is [HARICA](https://harica.tbs-certificats.com/), a Greek public CA with 0.34%[^geomys]. + +Worse still, 100% of browsers are subject to US law, even if they don't enforce it until ow, and only two of the 8 [certificate transparency logs](https://certificate.transparency.dev/logs/) are European. +Only one is Asian! 
+ +[^geomys]: + I did not know about [Geomys](https://geomys.org/). + It is a CT Logs created by [Filippo Valsorda](https://filippo.io/), an Italian cryptographer known in the free world. + + I classified it as European, but let's be honest, its funding is private and of US origin. + +The conclusion is clear: the United States has the capacity to subject all actors in the global web security infrastructure to its extraterritorial jurisdiction. +Certificate signing today is concentrated in the hands of a handful of actors whose legal, financial, and jurisdictional roots fall under the United States. + +:::attention +Here, I focused on certificate authorities, but too much infrastructure is dependent on US authority/U.S. regulatory power. +::: + +Even browsers (Chrome/Google, Firefox/Mozilla, Safari/Apple, and Edge/Microsoft) are subject to American law, which means that the master list of trust certificates is, in reality, a backdoor into our digital intimacy. + +This constitutes not only an operational risk but a structural flaw of sovereignty. + +It is a global effort that we must implement to regain a healthier ecosystem. +Not only in Europe. Asia is represented only by China, and the absence of any actor originating from Africa or Latin America is concerning. + +Our response should involves several concrete areas: + +- Diversifying root certification authorities and transparency logs. +- Raising awareness among non-US players - whether it's a German host or an Indian developer - about their dependence. + It is necessary to realize that supporting the most local infrastructure possible contributes to web resilience. +- Investing in the development of free web browsers, and more generally, in open source software. + The cost sharing provided by open source is the only coherent answer to US hegemony. + +**The Web remains a global common good**. +Its security must not become a lever of pressure dependent on electoral cycles or the trade tensions of Washington. 
+It is to all of us that the duty returns to rebalance this balance before digital confidence/trust is instrumentalized. diff --git a/notes/verrou-états-unien-du-web.md b/notes/verrou-états-unien-du-web.md new file mode 100644 index 0000000..a8f313b --- /dev/null +++ b/notes/verrou-états-unien-du-web.md 
@@ -0,0 +1,198 @@ +--- +pubDate = 2026-06-19T05:18:46 +tags = ['https', 'web', 'cryptographie'] +lang = "fr" +type = "note" + +[author] +name = "ache" +email = "ache@ache.one" + +[[alt_lang]] +lang = "en" +url = "/notes/the-us-lock-of-the-web" +--- + +# Le verrou états-unien du Web + + +Parlons du cas de **Let's Encrypt**. + +Dernièrement, si cela vous a échappé, **Let's Encrypt**, l'autorité de certification la plus connue au monde, a ajouté à ses conditions d'utilisation qu'[elle appliquait les sanctions états-uniennes](https://linuxiac.com/lets-encrypt-certificate-rules-now-include-u-s-sanctions-warranties/). +C'est peu étonnant, mais cela questionne. +L'application du droit états-unien aux infrastructures critiques du web constitue une arme géopolitique importante. + +<!-- Cela intervient après que l'administration Trump ait menaçé de couper les fonds de l'_Open Technology Fund_, dont _Let's Encrypt_ dépendait avant de se rétracter ([$800 000 dollars en 2024/2025](https://www.opentech.fund/projects-we-support/supported-projects/increasing-internet-security-through-shorter-lived-tls-certificates/), soit somme non négligeable mais pas critique). --> + +::::details +Qu'est-ce que _Let's Encrypt_ ? + +**Let's Encrypt** est l'autorité de certification du web la plus connue au monde. + +Issue d'un effort collectif de Mozilla , et l'_Electronic Frontier Fondation_, l'organisation à but non lucratif de défense des droits numériques la plus active, _Let's Encrypt_ a véritablement contribué à installer le petit cadenas HTTPS dans votre barre de navigation. + +:::attention +Si vous ne savez pas ce qu'est _Let's Encrypt_ ou une autorité de certification, vous n'êtes pas tout à fait le public cible de cet billet de blog. +Sachez simplement qu'ici, il est question du cadenas dans la barre de navigation de votre navigateur. +::: +Afin de démocratiser l'usage d'HTTPS, _Let's Encrypt_ a révolutionné la certification en deux points : + +- _La gratuité_. 
La certification par _Let's Encrypt_ est gratuite, point. Pour les concurrents de 2014, un certificat coûte TRÈS cher. Encore aujourd'hui, c'est le facteur la majorité des acteurs à choisir **Let's Encrypt**. Pour information, un certificat coûte 188€/an chez [GlobalSign](https://shop.globalsign.com/fr/ssl), $800 pour [un certificat générique](https://www.sectigo.com/fr/blog/cout-certificat-ssl-guide-achat) chez sectigo. +- _L'automatisation_. Alors que récupérer un certificat en 2014 passe par une procéssus de vérification long, un paiement puis un renouvellement manuel, Let's Encrypt automatise tout. Cela facilite le travail de tout le monde et participe à un web plus sûr. + +:::: + +Concrètement, cela signifie que _Let's Encrypt_ ne délivrera pas de certificat pour une entreprise, une organisation ou une personne sanctionnée. +Par exemple, aucun site web en Russie ou en Iran ne pourra obtenir ce certificat. +Plus spécifiquement, [Nicolas GUILLOU](https://sanctionssearch.ofac.treas.gov/Details.aspx?id=54211), juge de la Cour pénale internationale et émetteur du mandat d'arrêt international contre Netanyahou, ne pourra se faire certifier par Let's Encrypt, que ce soit à son compte ou via un sous-traitant. + +Concrètement, cela signifie que **Let's Encrypt** ne signera pas de certificat pour une entreprise, organisation ou une personne sanctionnée. +Par exemple, aucun site web de Russie ou d'Iran ne poura obtenir de certificat. +Ou encore, Nicolas GUILLOU, juge de la Cour Pénale Internationale, émeteur du mandat d'arrêt Internationale contre Netanyahou, ne poura avoir de certification par _Let's Encrypt_, ni à son compte, ni en sous-traitance. + +## La dépendance à Let's Encrypt + +Il y a un an de cela, [Stéphane Bortzmeyer](https://www.afnic.fr/association-excellences/qui-sommes-nous/equipe/stephane-bortzmeyer/) postait sur Mastodon que 80% des certificats sur le web provenaient de **Let's Encrypt**. +Alors forcément, j'ai voulu vérifier cela. 
+En particulier, j'ai voulu vérifier à quelle point _j'étais, moi_, européen moyen, dépendant de _Let's Encrypt_.[^ca_ache.one] + +[^ca_ache.one]: Juste pour information, tous mes certificats sont émis par _Let's Encrypt_, dont celui du présent site web. + +Ma première idée était de récupérer les données d'un [journal de transparence des certificats](https://letsencrypt.org/fr/docs/ct-logs/) (log TC ou _Certificat Transparency Log_ en anglais). +Cependant, cela ne traduit pas MA dépendance concrête à **Let's encrypt** et demande beaucoup de ressources. +La taille d'un journal se comptant en dizaine de téraoctets, je les laisse donc faire leurs propres statistiques. +Il se trouve que Cloudflare possède justement un tableau de bord à ce sujet : + +[](https://radar.cloudflare.com/explorer?dataSet=ct&groupBy=ca_owner&filters=uniqueEntries%253Dtrue) + +:::details +D'après les données de Cloudflare. + +| | CA | Pourcentage des certificats délivrés | +| --: | :-------------------- | -----------------------------------: | +| 1 | Let's Encrypt | 52% | +| 2 | Google Trust Services | 17% | +| 3 | Sertigo | 15% | +| 4 | GoDaddy | 6% | +| 5 | Amazon | 4% | +| 6 | DigiCert | 2.5% | +| 7 | Microsoft | 1.4% | +| 8 | SSL.com | 0.69 | + +Si on inclut les certificats multiples, c'est-à-dire plusieurs certificats pour le même nom de domaine par exemple. +Alors **Let's Encrypt** est légèrement plus productif en proportion, mais cela ne change pas l'ordre d'importante de chaque autorité de certification (sauf GoDaddy). + +::: + +Pour analyser ma dépendanse personnelle à Let's Encrypt, j'ai plutôt opté pour une module web (ou _plugin web_) à installer dans Firefox. +Celui-ci analyse tous les sites que je visite et enregistre l'autorité de certification associée à la première visite du site web (dans le mois courant). +Je vous présente [Cert Check](https://addons.mozilla.org/fr/firefox/addon/cert-check/). + +J'ai installé cette extension l'année dernière sur tous mes appareils. 
+Je peux donc être très précis sur ma dépendance concrête à chaque autorité de certification. + +## Y a-t-il un monopole _Let's Encrypt_ ? + +Oui _Let's Encrypt_ est bien l'autorité de certification la plus utilisée par les sites que je visite. +Mais non, ce n'est pas 80% des sites que je visite et ça reste moins que les chiffres de Cloudflare. + +Sur le dernier mois: + +| | CA | Percentage des sites visités | +| --: | :-------------------- | ---------------------------: | +| 1 | Let's Encrypt | 46.098 | +| 2 | Google Trust Services | 32.40 | +| 3 | DigiCert | 7.58 | +| 4 | Amazon | 5.26 | +| 5 | GlobalSign | 2.93 | +| 6 | Sectigo | 2.93 | +| 7 | USERTrust | 1.34 | +| 8 | Go Daddy | 0.37 | +| 9 | Certigna | 0.37 | +| 10 | HARICA | 0.37 | +| 11 | SSL.com | 0.24 | +| 12 | SwissSign | 0.12 | + + + +Cependant, si je prends en compte tous les sites que Firefox a requêté, pas seulement ceux que j'ai visité, c'est Google qui est l'autorité de certification la plus prolifique. + +:::note +Les sites "visités" sont ceux qui sont apparus dans ma barre de navigation. +Les sites web requêtés sont ceux où mon navigateur a effectué une requête HTTPS, par exemple, une image affichée dans une page web, mais héberger chez un autre site web (que je n'ai pas visité directement). 
+::: + +Sur le dernier mois: + +| | CA | Pourcentage des NdD chargés | +| --: | :-------------------- | --------------------------: | +| 1 | Google Trust Services | 29.76 | +| 2 | Let's Encrypt | 28.97 | +| 3 | GlobalSign | 12.67 | +| 4 | Amazon | 11.36 | +| 5 | DigiCert | 8.43 | +| 6 | USERTrust | 3.82 | +| 7 | Sectigo | 2.07 | +| 8 | Go Daddy | 1.52 | +| 9 | HARICA | 0.42 | +| 10 | SSL.com | 0.26 | +| 11 | Buypass | 0.23 | +| 12 | Certigna | 0.19 | +| 13 | Certum | 0.07 | +| 14 | COMODO RSA | 0.06 | +| 15 | Deutsche Telekom | 0.06 | +| 16 | IdenTrust | 0.03 | +| 17 | Entrust | 0.02 | +| 18 | Actalis | 0.02 | +| 19 | SwissSign | 0.02 | +| 20 | emSign | 0.005 | + + + +Ainsi, 46% environ des sites que je visite ont un certificat issue de Let's Encrypt et 30% des certificats que mon navigateur a utilisé sont issues de Google. +Ma dépendance concrête à Google est étonnante, surtout si l'on prend on compte que je n'utilise pas de compte Google au quotidien et que ce n'est même pas mon moteur de recheche par défaut ! + +## Une dépendance états-unienne + +De nombreux acteurs se sont offusqués lorsque _Let's Encrypt_ a modifié ses conditions d'utilisation, mais peu de personnes ont dénoncé l'hégémonie états-unienne sur l'infrastructure des certifications. + +Je remarque principalement que les **États-Unis[^usa_cert] ont signé plus de 95% des certificats des sites web que j'ai visités**. +Le premier acteur non états-uniens est [GlobalSign](https://en.wikipedia.org/wiki/GlobalSign) (Ayant son quatier général en Europe, mais plus mondial qu'européen désormais) qui a signé 3% des certificats, le second est [HARICA](https://harica.tbs-certificats.com/), un CA public Greque avec 0.34%[^geomys]. + +Pire encore, 100% des navigateurs sont soumis au droit états-unien, même s'ils ne s'y soumettent pas pour plusieurs raisons, et seuls deux des 8 [journaux de transparence des certificats](https://certificate.transparency.dev/logs/) sont européens. +Un seul est asiatique ! 
+ +[^usa_cert]: Ici je parle des autorités de certifications soumises directement au droit états-unien. + +[^geomys]: + Je ne connaissais pas [Geomys](https://geomys.org/). + C'est un _CT Logs_ créer par [_Filippo Valsorda_](https://filippo.io/), un cryptographe italien connue dans le monde du libre. + Je l'ai classé comme Européen, mais soyons honnête, ses financements sont privés et d'origine US. + +La conclusion est claire, les États-Unis ont la capacité de soumettre à leur juridiction extraterritoriale l'ensemble des acteurs de l'infrastructure mondial de la sécurité sur le Web. + +La signature de certificat est aujourd'hui concentrée entre les mains d'une poignée d'acteurs dont les racines légales, financières et juridiques relèvent des États-Unis. + +:::attention +Ici, j'ai mis l'accents sur les autorités de certification, mais trop d'infrastructures sont dépendantes de l'autorité états-unienne. +::: + +Même les navigateurs (Chrome/Google, Firefox/Mozilla, Safari/Apple et Edge/Microsoft) sont soumis au droit américain, ce qui signifie que la liste maîtresse des certificats de confiance est, en réalité, une porte dérobée vers notre intimité numérique. + +Cela ne constitue pas seulement un risque opérationnel, c'est une faille structurelle de souveraineté. + +C'est un effort mondial que nous devons mettre en place pour retrouver un éco-système plus sain. +Pas seulement en Europe. +L'Asie n'est représenté que par la Chine et l'absence de tout acteur issue de l'Afrique ou de l'Amérique Latine est inquiétante. + +La réponse passe par plusieurs axes concrets : + +- Diversifier les autorités de certification racine et les journaux de transparence. +- Sensibiliser les acteurs non US, que ce soit un hébergeur allemand ou un développeur indien, à leur dépendance. + Il faut prendre conscience que soutenir l'infrastructure la plus locale possible contribue à la résilience du web. 
+- Investir dans le développement de navigateurs web libres et plus généralement, dans le logiciel libre. + La mutualisation des coûts que permet de logiciel libre est la seule réponse cohérente à l'hégémonie états-unienne. + +**Le Web reste et doit rester un bien commun mondial**. +Sa sécurité ne doit pas devenir un levier de pression dépendant des cycles électoraux ou des tensions commerciales de Washington. +C'est à nous tous que reviens le devoir de rééquilibrer cette balance avant que la confiance numérique ne soit instrumentalisée. |
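Review bot: In notes/the-us-lock-of-the-web.md, the closing sentence still carries an unresolved translation alternative, "digital confidence/trust", and "rebalance this balance" reads as a word-for-word rendering of the French. Pick one term and rephrase, for example "It falls to all of us to restore this balance before digital trust is instrumentalized."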
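Review bot: In notes/verrou-états-unien-du-web.md, the paragraph starting "Concrètement, cela signifie que" appears twice in a row right after the `::::details` block. The second copy is an earlier draft (it still has "poura" and "émeteur" and lacks the OFAC link), so it should be deleted before merging. A few data inconsistencies in the same hunk also need a pass:

- The Cloudflare table lists "Sertigo" where the rest of the article writes "Sectigo", and its row 8 gives "0.69" without the % sign that the other rows carry.
- The header of the first personal table reads "Percentage des sites visités" while the other two tables use "Pourcentage".
- The text gives HARICA "0.34%", but the visited-sites table lists HARICA at 0.37. The same table shows Let's Encrypt as 46.098, with three decimals where every other row has two.
- The `[^geomys]` footnote is attached to the HARICA sentence, yet it describes a CT log. It belongs on the following sentence about the "journaux de transparence des certificats".
- "Issue d'un effort collectif de Mozilla , et l'_Electronic Frontier Fondation_" has a stray " ," that suggests a dropped name, and "Fondation" should be "Foundation" in the organisation's name.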