There is no need for a certificate from let’s encrypt. DANE lets you put your ow... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		ryao on April 17, 2025 \| parent \| context \| favorite \| on: TLS certificate lifetimes will officially reduce t... There is no need for a certificate from let’s encrypt. DANE lets you put your own self signed certificate into DNS and it should be trusted because DNS is authoritative, although DNSSEC should be required to make it secure.

tptacek on April 17, 2025 [–]

And yet no browser trusts it, and a single-digit percentage of popular zones (from the Tranco list) have signatures; this despite decades of deployment effort. Meanwhile, over 60% of all sites on the Internet have ISRG certificates.

Consider applying for YC's Summer 2026 batch! Applications are open till May 4
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact