Readers often ask me how I feel about the latest free, public certificate authorities (CAs).
I always tell them the same thing: It’s difficult for a free CA to actually provide any security assurance.

There is no free lunch.I was reminded of this maxim when I read a recent article from HashedOut revealing that the popular, free Let’s Encrypt has issued more than 15,000 digital certificates with the word “PayPal” in the subject name. PayPal itself doesn’t use Let’s Encrypt, so it’s likely that most of these digital certificates are related to phishing attacks (according to HashedOut’s analysis, that would be a whopping 96.7 percent of them).To read this article in full or to leave a comment, please click here

Leave a Reply