summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--notes/the-us-lock-of-the-web.md12
-rw-r--r--notes/verrou-états-unien-du-web.md6
2 files changed, 9 insertions, 9 deletions
diff --git a/notes/the-us-lock-of-the-web.md b/notes/the-us-lock-of-the-web.md
index e6298e2..2eafd08 100644
--- a/notes/the-us-lock-of-the-web.md
+++ b/notes/the-us-lock-of-the-web.md
@@ -35,14 +35,18 @@ If you don't know what Let's Encrypt or a certificate authority is, then this bl
In order to democratize the use of HTTPS, Let's Encrypt revolutionized certification in two points:
-- _Free Of Charge._ Certification by Let's Encrypt is free, period. For competitors in 2014, a certificate cost VERY expensive. Even today, it is the factor that most actors choose **Let's Encrypt**. For information, a certificate costs €188/year at [GlobalSign]... for [a generic certificate] at sectigo.
+- _Free Of Charge._ Certification by Let's Encrypt is free, period. For competitors in 2014, a certificate cost VERY expensive. Even today, it is the factor that most actors choose **Let's Encrypt**. For information, a certificate costs €188/year at [GlobalSign](https://shop.globalsign.com/fr/ssl)... $800 for [a wildcard certificate](https://www.sectigo.com/fr/blog/cout-certificat-ssl-guide-achat) at sectigo.
- _Automation._ While retrieving a certificate in 2014 required a long verification process, payment, and then manual renewal, Let's Encrypt automates everything. This facilitates everyone's work and contributes to a safer web.
::::
-## Dependence on Let's Encrypt
+In concrete terms, this means that Let's Encrypt will refuse to issue a certificate to any entity—be it a company, organization, or individual—that has been sanctioned.
+For instance, no website operating in Russia or Iran can obtain these certificates.
+To be more specific, [Nicolas GUILLOU](https://sanctionssearch.ofac.treas.gov/Details.aspx?id=54211), one of the International Criminal Court judges who issued the international arrest warrant against Netanyahu, cannot get certified by Let's Encrypt, even if he uses a subcontractor.
-A year ago, [Stéphane Bortzmeyer] posted on Mastodon that 80% of certificates on the web came from **Let's Encrypt**.
+## Dependence on Let's Encrypt
+
+A year ago, [Stéphane Bortzmeyer](https://en.wikipedia.org/wiki/St%C3%A9phane_Bortzmeyer) posted on Mastodon that 80% of certificates on the web came from **Let's Encrypt**.
Naturally, I wanted to verify this.
In particular, I wanted to check to what extent _I was, myself_, an average European, dependent on _Let's Encrypt_.[^ca_ache.one]
@@ -76,7 +80,7 @@ Then **Let's Encrypt** is slightly more productive proportionally, but this does
To analyze my personal reliance on Let's Encrypt, I rather opted for a web plugin to install in Firefox.
This analyzes all the sites that I visit and records the associated certificate authority upon the website’s first visit (within the current month).
-I present [Cert Check] (https://addons.mozilla.org/fr/firefox/addon/cert-check/).
+I present [Cert Check](https://addons.mozilla.org/fr/firefox/addon/cert-check/).
I installed this extension last year on all my devices.
I can therefore be very precise regarding my concrete dependence on each certificate authority
diff --git a/notes/verrou-états-unien-du-web.md b/notes/verrou-états-unien-du-web.md
index a8f313b..70f6ca5 100644
--- a/notes/verrou-états-unien-du-web.md
+++ b/notes/verrou-états-unien-du-web.md
@@ -44,11 +44,7 @@ Afin de démocratiser l'usage d'HTTPS, _Let's Encrypt_ a révolutionné la certi
Concrètement, cela signifie que _Let's Encrypt_ ne délivrera pas de certificat pour une entreprise, une organisation ou une personne sanctionnée.
Par exemple, aucun site web en Russie ou en Iran ne pourra obtenir ce certificat.
-Plus spécifiquement, [Nicolas GUILLOU](https://sanctionssearch.ofac.treas.gov/Details.aspx?id=54211), juge de la Cour pénale internationale et émetteur du mandat d'arrêt international contre Netanyahou, ne pourra se faire certifier par Let's Encrypt, que ce soit à son compte ou via un sous-traitant.
-
-Concrètement, cela signifie que **Let's Encrypt** ne signera pas de certificat pour une entreprise, organisation ou une personne sanctionnée.
-Par exemple, aucun site web de Russie ou d'Iran ne poura obtenir de certificat.
-Ou encore, Nicolas GUILLOU, juge de la Cour Pénale Internationale, émeteur du mandat d'arrêt Internationale contre Netanyahou, ne poura avoir de certification par _Let's Encrypt_, ni à son compte, ni en sous-traitance.
+Plus spécifiquement, [Nicolas GUILLOU](https://sanctionssearch.ofac.treas.gov/Details.aspx?id=54211), un des juges de la Cour Pénale Internationale émetteurs du mandat d'arrêt contre Netanyahou, ne pourra se faire certifier par Let's Encrypt, que ce soit à son compte ou via un sous-traitant.
## La dépendance à Let's Encrypt