SoylentNews is people
SoylentNews
In this short article Let’s Encrypt lists challenges ahead, like service growth, new features and infrastructure and finances.
Let’s Encrypt had a great year in 2017. We more than doubled the number of active (unexpired) certificates we service to 46 million, we just about tripled the number of unique domains we service to 61 million, and we did it all while maintaining a stellar security and compliance track record. Most importantly though, the Web went from 46% encrypted page loads to 67% according to statistics from Mozilla - a gain of 21 percentage points in a single year - incredible. We’re proud to have contributed to that, and we’d like to thank all of the other people and organizations who also worked hard to create a more secure and privacy-respecting Web.
I think Let's Encrypt is a great service. Want to share your war story? Can you think of any downsides or threats related to all this?
[Ed note: SoylentNews uses Gandi for "soylentnews.org" and uses LetsEncrypt for all other domains and subdomains. --martyb]
(Score: 2) by TheRaven on Wednesday March 07 2018, @10:05AM
It's not so much the new certs, or even the new algorithms, it's newer versions of the TLS protocol. All SSL versions and TLS 1.0 have known attacks and so a lot of servers now simply refuse to support clients requesting versions prior to 1.1, and an increasing number require 1.2. This was what killed both my ancient Android phone and my partner's newer Windows Phone one: they didn't support the versions of the TLS protocol that things needed.
That said, TLS 1.2 was finalised in 2008. Software that doesn't support a decade-old version of a key security protocol is probably a sign that it also has other security vulnerabilities and shouldn't be allowed on the Internet.
sudo mod me up