http://www.tomshardware.com/news/let-s-encrypt-100-million-certificates,34908.html
Let's Encrypt, a Certificate Authority (CA) managed by a non-profit organization whose members include Mozilla and the Electronic Frontier Foundation, among others, reached a milestone of 100 million issued certificates.
[...] When Let's Encrypt's service was first made available, less than 40% of the web was using HTTPS encryption, a milestone that took 20 years to reach, according to the nonprofit. Let's Encrypt has been available for less than two years, and due largely to its free service, 58% of the web now uses HTTPS encryption.
Previously: "Let's Encrypt" Has Issued 1 Million Certificates
[Ed. Note: SoylentNews uses Let's Encrypt certs for its development and Wiki pages, among others.
(Score: 5, Informative) by kaszz on Saturday July 01 2017, @02:12PM (2 children)
Lets just remind everybody that the current model of trust is a bad design. Even if it's better than none. An arbitrary list in the browser decides which CAs that get to authorize anyone to pretend being any site. A DNS based approach is one alternative, but trusting the DNS administrators is also not a good trust model.
(Score: 3, Interesting) by bzipitidoo on Saturday July 01 2017, @03:21PM (1 child)
In the late 90s, there was this s-http. From what I read, it was better than https, but as happens in standards wars, the best solution doesn't always win, for a variety of reasons.
(Score: 2) by kaszz on Sunday July 02 2017, @07:41AM
Interesting, but shttp:// [wikipedia.org] seems vulnerable to downgrade attacks. There is no mention either how to determine who to trust to avoid MITM.