Stories
Slash Boxes
Comments

SoylentNews is people

Let's Encrypt - Looking at the Recent Past and Forward to 2018

posted by martyb on Tuesday March 06 2018, @11:49PM   Printer-friendly
from the green-padlock dept.

An Anonymous Coward writes:

In this short article Let’s Encrypt lists challenges ahead, like service growth, new features and infrastructure and finances.

Let’s Encrypt had a great year in 2017. We more than doubled the number of active (unexpired) certificates we service to 46 million, we just about tripled the number of unique domains we service to 61 million, and we did it all while maintaining a stellar security and compliance track record. Most importantly though, the Web went from 46% encrypted page loads to 67% according to statistics from Mozilla - a gain of 21 percentage points in a single year - incredible. We’re proud to have contributed to that, and we’d like to thank all of the other people and organizations who also worked hard to create a more secure and privacy-respecting Web.

I think Let's Encrypt is a great service. Want to share your war story? Can you think of any downsides or threats related to all this?

[Ed note: SoylentNews uses Gandi for "soylentnews.org" and uses LetsEncrypt for all other domains and subdomains. --martyb]

Original Submission

 
This discussion has been archived. No new comments can be posted.
Let's Encrypt - Looking at the Recent Past and Forward to 2018 | Log In/Create an Account | Top | 27 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 4, Insightful) by edIII on Wednesday March 07 2018, @02:25AM

    by edIII (791) on Wednesday March 07 2018, @02:25AM (#648829)

    Is that what is happening? I don't see forced deprecation of older algorithms, but forced deprecation of compromised algorithms, and algorithms proven to be weak when compared to today's cryptanalysis capabilities.

    You can either choose to create a collection of acceptable algorithms that supports as wide a range of devices and browsers as possible, or you security harden, and tighten it down to just a few algorithms. While not a panacea, it's sure a good start. Especially for banking websites, or websites with sensitive data.

    More, and more, my medical records are coming online (despite my efforts to destroy all the copies everywhere), and I'm not particularly enthused to see the IT guy decide optimum device support is more important than optimum security.

    I must take the opposite view here. Let's revoke trusted certificates from people not operating with security in mind, and keep supported algorithms to just that which has been acid tested and still passes. The moment a vulnerability is found, that can't be mitigated, we remove the algorithm.

    --
    Technically, lunchtime is at any moment. It's just a wave function.
    Starting Score:    1  point
    Moderation   +2  
       Insightful=3, Overrated=1, Total=4
    Extra 'Insightful' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   4