Notices by Michela (michela@mastodon.club), page 11

@Laurelai @tbeckett Eek. No, it is definitely not. :/

That's not what you were talking about anyway. You were complaining about people correcting spelling errors. Please see my previous comments regarding that.

If you are concerned about classism and ablism, I suggest supporting efforts to aid folks affected by those problems -- better education, health care, and legal protections. People correcting spelling errors is not a problem of any sort.

@tbeckett @Laurelai I agree. Pointing out spelling errors is not classism or ablism.

In fact, doing so makes each of us a more credible, more effective communicator -- actually lifting people up, rather than tearing them down. After all, *everyone* makes mistakes!

So next time someone corrects your spelling, thank them -- they're helping your cause! ;)

@tessaracht lol. That's awesome.

@upshotknothole @micahflee @tessaracht @jerry The situation is a lot better than it was before. It will get better still. If you're looking for something to be worried about, consider global warming, the rise of authoritarianism, or nuclear armament. The popularity of Let's Encrypt shouldn't keep you up at night. :D

@jerry @tessaracht @micahflee @upshotknothole While a more distributed system (or perhaps the existence of more non-profit CAs) would be better (an area in which we all appear to agree), *honestly, this is nothing to worry about.*

@upshotknothole @micahflee @tessaracht @jerry That article says that it may be legal for the merger you're concerned about, depending on the US state of jurisdiction. We weren't really arguing about that. :)

@deadsuperhero Oh, man. I'm sorry. That is so gross. It would totally ruin my day.

I agree that it was best you didn't get violent, even though doing so would be totally understandable. You probably would have felt bad for a long time for hurting someone like that -- who probably wouldn't be very effective at fighting back.

@micahflee Ah. That makes sense. I wouldn't trust it completely either.

@upshotknothole @micahflee @tessaracht @jerry If this logic had some application in reality, tonnes of non-profits would have been bought and sold already.

According to your theory, Exxon could have, and would have, bought Greenpeace. They have the money and the motive -- much more so than Amazon, or even Symantec, for buying LE -- yet it didn't happen.

@upshotknothole @tessaracht @jerry @micahflee Whatsapp was a for-profit firm, who's principals and investors fully intended to sell at some point in time.

That's a lot different than buying a non-profit, which doesn't even have owners in the same sense that a firm has. Who would sell LE? Does anyone own it? No. It's assets could still be sold, but again, that would be *incredibly* unusual, & against the interests of its benefactors

@gme @tessaracht @upshotknothole @micahflee @jerry Agreed. The point of LE is to encrypt *all* the sites on the Internet, especially those run by folks who do not have much money or who wouldn't buy a certificate before.

It's not there to restrict choice, but to fill a gap the profit-taking firms were not serving well.

The idea is to protect users from surveillance & cracking, all across the Internet.

@micahflee Ah. I didn't know that. I suppose one could use their own locally generated gpg keys in the interim and send mail without using proton mail's gpg kit, but that might be pretty cumbersome.

Good catch. :)

@micahflee Wow. Surprised that hasn't been reported or fixed already.

@tessaracht @micahflee @upshotknothole @jerry Fully agree. A really good middle step would be for some similar independent non-profit CAs to start up in Canada, Switzerland, and elsewhere.

Maximum transparency and auditing would be veey helpful in building trust as well.

@tessaracht @jerry @micahflee @upshotknothole That validation provided by CAs is a big part of how this system works and why we trust / have confidence in sites using TLS / SSL. Otherwise, you could just use self-signed certificates -- they only address one need (encryption, but not third party validation).

@upshotknothole @micahflee @jerry @tessaracht I understand your concern, and also agree with the other comments.

The centralised nature of how these types of CAs work mean that a trusted non-profit like Let's Encrypt is the best place to get TLS / SSL certificates until the way such certificates is completely changed.

@micahflee @tessaracht @upshotknothole @jerry I'm also sure no one will buy Let's Encrypt. They are a registered non-profit. I'm sure buying them isn't impossible, but it would be insane and extremely unlikely -- the board of the ISRG (the LE organisation) would have to agree to such a sale.

@micahflee @upshotknothole @jerry @tessaracht A big question on my mind is, why do you think it is bad for Let's Encrypt to be the world's biggest CA?

Let's Encrypt is a non-profit, created in the public interest. I can't think of a better type of organisation to be trusted with this responsibility.

If it makes you feel better, one can imagine the likes of Symantec (probably the biggest CA today) eventually offering a free tier.