Certificate logs from the certificate transparency project [0] are already public knowledge and shared freely.
The only thing Let's Encrypt gets in addition to what's in those logs and publicly discoverable is what challenge you chose (DNS or TLS), and what email you're using.
> So yes I personally welcome another CA
More CAs generally means more chance that one CA loses a private key or has a vulnerability. Tragically, since browsers trust all CAs for all websites, if the new CA has an issue, people can forge TLS certs for my website even though I have no intention of ever using that new CA.
In a very real way, having an excess of CAs is bad for the security of the entire internet. Letting anyone become a trusted CA would be an unequivocal disaster, so clearly more CAs isn't always good.
I do think there's a balance, where we should have several viable CAs that we trust to be secure, but not 100s of them, just 10s. We already trust a ton more roots than that, so right now I see a new CA as being detrimental to security overall.
That all being said, I'm pretty sure this CA is using an existing trusted root and processes, so since it doesn't require cross-signing in a new root, it's less big of a deal.
[0]: http://www.certificate-transparency.org/how-ct-works