Hacker News

FWIW I got in contact with their R&D team earlier last week and they told me:

    no StartEncrypt API now, later it will support IETF ACME, maybe open source.


I really don't understand why they wouldn't just implement ACME first if they really do plan on getting around to it. What benefit do they really have of trying to go out on their own on this?


"What benefit do they really have of trying to go out on their own on this?"

Apparently, "substantially negative".

Grabbing an open-source ACME implementation really is the canonical value proposition for open source. Work together to make it secure, every individual contributor (once it exists) does less work overall, and even had they successfully implemented StartEncrypt the first time, the value would be in hosting it and attaching their reputation to it, not the API design. So even the usual objections to using open source in a commercial setting hardly apply. There's not much in the way of "look and feel", and no matter how this was going to happen the actual "polish" was going to be done by creating a new website that they could make as polished as they like with no trouble.

In other words, they have comprehensively flubbed this. Even once the code is fixed, the reputation damage is done.

Don't. Implement. Crypto.


Neat. Maybe they can even put license compliance on their roadmap (they statically linked in OpenSSL).



