Hacker News: jaas

New comment by jaas in "Let's Encrypt bans certificate usage in any US sanctioned territory [pdf]"

jaas — Wed, 10 Jun 2026 02:04:21 +0000

I'm not sure if you're talking generally about sanctions or specifically about Let's Encrypt, but to avoid any doubt: citizens of Crimea are free to use Let's Encrypt. We do not, however, serve government entities in occupied Crimea.

New comment by jaas in "Let's Encrypt bans certificate usage in any US sanctioned territory [pdf]"

jaas — Tue, 09 Jun 2026 23:25:54 +0000

I was referring to the requirements imposed on us. When it comes to sanctions, we do not block anything more than what is required by law.

New comment by jaas in "Let's Encrypt bans certificate usage in any US sanctioned territory [pdf]"

jaas — Tue, 09 Jun 2026 22:58:41 +0000

Let's Encrypt continues to be available to almost every vulnerable population in the world, including those that need it most. I say almost as I'm hesitant to speak in absolutes regarding a topic as complex as this.

Most of our sanctions-related blocks apply only to the governments of certain sanctioned countries, not their general population.

This subscriber agreement update was intended to better reflect our legal requirements. It does not reflect a major change in the service we provide. Our compliance program does evolve over time, and part of that is communicating about it better in our terms of service. It's clear from some of the comments here that we have more work to do to make that text more understandable, we'll work on that.

> That said, pretty sure this is stems from the insane US legal requirement to not export SSL technology to enemy countries. I'm sure some of y'all are old enough to remember when web browsers came in "international friendly" versions that supported 40 bit encryption, or "fancy secure" versions with 128 bit encryption.

It doesn't.

New comment by jaas in "Let's Encrypt bans certificate usage in any US sanctioned territory [pdf]"

jaas — Tue, 09 Jun 2026 20:12:49 +0000

Sanctions compliance is unfortunately fairly complex.

Let's Encrypt can issue certificates for non-government entities in Iran and Russia due to statutory exemptions protecting personal communications, alongside specific Office of Foreign Assets Control (OFAC) authorizations designed to promote Internet freedom and human rights.

We will look into whether we can make things more easily understandable in the subscriber agreement.

New comment by jaas in "Let's Encrypt bans certificate usage in any US sanctioned territory [pdf]"

jaas — Tue, 09 Jun 2026 18:51:03 +0000

Let's Encrypt certificates continue to be available in both Iran and Russia, just not for the Iranian and Russian governments.

The terms of service update to clarify what we have always done, comply with relevant law, has not changed the situation for either country.

New comment by jaas in "Let’s Encrypt: Stopping Issuance for Potential Incident – Resolved"

jaas — Fri, 08 May 2026 20:27:46 +0000

In that sense, prepare yourself to be bored.

New comment by jaas in "Let’s Encrypt: Stopping Issuance for Potential Incident – Resolved"

jaas — Fri, 08 May 2026 20:24:37 +0000

Stopping all issuance is an pretty standard response if a CA thinks what they are issuing might be non-compliant in any way. It's an action we're required to take. It's not necessarily a sign of a more dramatic failure mode or key compromise. That said, the impact is the same for as long as the downtime lasts so it is unfortunate and we're sorry for the disruption.

I don't think the premise behind short lived (six day) certificates being viable is that CA issuance never goes down. Sure, the runway is shorter, but not that short. Most down time is a few hours or less, which is not a problem for six day certificates that should be renewed every three days.

Short lived certificates are optional though, so if it's not worth it to you there are longer lifetime options.

New comment by jaas in "Let’s Encrypt: Stopping Issuance for Potential Incident – Resolved"

jaas — Fri, 08 May 2026 20:10:00 +0000

This is a compliance incident, we should be issuing again shortly.

Update: Issuance is back up.

Update: Preliminary incident report:

https://bugzilla.mozilla.org/show_bug.cgi?id=2038351

6-Day and IP Address Certificates Are Generally Available

jaas — Fri, 16 Jan 2026 15:37:19 +0000

Article URL: https://letsencrypt.org/2026/01/15/6day-and-ip-general-availability

Comments URL: https://news.ycombinator.com/item?id=46647491

Points: 506

# Comments: 281

New comment by jaas in "Volvo Centum is Dalton Maag's new typeface for Volvo"

jaas — Wed, 24 Dec 2025 11:43:38 +0000

Seat heat is one click in my 2022 Volvo. Or as others have noted, you can use your voice.

New comment by jaas in "Palantir Thinks College Might Be a Waste. So It's Hiring High-School Grads"

jaas — Sun, 02 Nov 2025 16:49:06 +0000

It’s hard to be ready for a world you do not understand, and the world is a lot more than engineering or any other single subject.

New comment by jaas in "We saved $500k per year by rolling our own "S3""

jaas — Mon, 27 Oct 2025 05:26:37 +0000

Their networking is awful in my experience. The WiFi chip is cheap crap, extremely sensitive, cuts out a lot, and doesn’t support WPA3.

I had to set up a dedicated Nanit-only AP in my house in order to stabilize the connection. It would not work any other way, tried many different configurations, even other APs.

New comment by jaas in "Why, as a responsible adult, SimCity 2000 hits differently"

jaas — Sun, 21 Sep 2025 10:47:19 +0000

I know lots of parents in NYC (where I live with multiple kids) and their lives have not “broken down.” What an absurd statement/generalization.

New comment by jaas in "Git: Introduce Rust and announce it will become mandatory in the build system"

jaas — Sat, 20 Sep 2025 14:49:23 +0000

Rust is generally a much better tool for building software than C. When your software is built with better tools, you will most likely get better software (at least eventually / long term, sometimes a transition period can be temporarily worse or at least not better).

New comment by jaas in "Native ACME support comes to Nginx"

jaas — Thu, 11 Sep 2025 18:34:26 +0000

If you are using Nginx, then likely yes.

New comment by jaas in "With AI Boom, Dell's Datacenter Biz Is Finally Bigger Than Its PC Biz"

jaas — Wed, 03 Sep 2025 17:29:12 +0000

We buy them because our experience is that they are extremely reliable and their iDrac management system is better than the alternatives, which saves us time (thus money). Maybe they aren’t the cheapest at initial purchase, but less maintenance and the ease of administration makes up for it.

New comment by jaas in "SSL certificate requirements are becoming obnoxious"

jaas — Tue, 26 Aug 2025 13:29:12 +0000

Section 3.2.2.9 of this document:

https://cabforum.org/working-groups/server/baseline-requirem...

You can also just search the document for the word "Perspective" to find most references to it.

New comment by jaas in "Go is still not good"

jaas — Fri, 22 Aug 2025 12:51:49 +0000

Go has a big, high quality standard library with most of what one might need. Means you have to bring in and manage (and trust) far fewer third party dependencies, and you can work faster because you’re not spending a bunch of time figuring out what the crate of the week is for basic functionality.

New comment by jaas in "Don’t use “click here” as link text (2001)"

jaas — Wed, 02 Jul 2025 12:32:06 +0000

The idea is that some people don’t click - that refers mainly to people using a mouse, and many people are not using a mouse. So it is overstating information about what to do.

New comment by jaas in "LetsEncrypt – Expiration Notification Service Has Ended"

jaas — Mon, 30 Jun 2025 13:06:22 +0000

It's not just about the money:

"Providing expiration notification emails means that we have to retain millions of email addresses connected to issuance records. As an organization that values privacy, removing this requirement is important to us."

A check to cover the cost of the system would not solve this part of the problem.