ISRG (the charity behind Let's Encrypt) has been pretty clear in the past that t... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		tialaramex on Sept 5, 2020 \| parent \| context \| favorite \| on: All forms of signing email are generally solving t... ISRG (the charity behind Let's Encrypt) has been pretty clear in the past that they aren't interested in doing that. Do you have some particular reason beyond wishful thinking to believe that will change? If you want to build a CA that issues S/MIME certs you can already do that. If you want to leverage ACME you can even do that (using https://datatracker.ietf.org/doc/draft-ietf-acme-email-smime... for example). Perhaps you can persuade S/MIME client implementations that your certificates are universally trustworthy, and then you've got the makings of a PKI for S/MIME. But I would not hold my breath.

AdamJacobMuller on Sept 6, 2020 [–]

Sure, so, setup your own email cert issuing ACME compliant CA. Still easy.

tialaramex on Sept 6, 2020 | [–]

You're the one who wants this, so it's you that will need to set up a Certificate Authority and then get it trusted everywhere for S/MIME. I genuinely wish you good luck with that.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact