Hi Robert, all:

As a disclaimer, I'm not an engineer/programmer, so I don't know all the technical specifications. However, I am a big advocate for Let's Encrypt, and think it sends a strong message about the service they offer if the RIPE community and NCC endorses them for our networks and infrastructure. So, take my vote with a grain of salt, but I say let's do it (barring any kind of technical issue that I'm simply not aware of).

Best,
-Michael

On Tue, Sep 3, 2019 at 9:58 AM Robert Kisteleki <robert@ripe.net> wrote:

> Still no one has answered why ripe is using self signed certs for anchor
> when they can use let's encrypt for free...

TL;DR if the community prefers it we use LE (+TLSA).

This comes with the expense of some one-time and ongoing operational
work. Considering that anchors don't host any sensitive information,
using self-signed certs (+TLSA) was so far considered good enough.

Regards,
Robert