SoylentNews is people
SoylentNews
Submitted via IRC for Fnord666
The free-to-use nonprofit was founded in 2014 in part by the Electronic Frontier Foundation and is backed by Akamai, Google, Facebook, Mozilla and more. Three years ago Friday, it issued its first certificate.
Since then, the numbers have exploded. To date, more than 380 million certificates have been issued on 129 million unique domains. That also makes it the largest certificate issuer in the world, by far.
Now, 75 percent of all Firefox traffic is HTTPS, according to public Firefox data — in part thanks to Let's Encrypt. That's a massive increase from when it was founded, where only 38 percent of website page loads were served over an HTTPS encrypted connection.
"Change at that speed and scale is incredible," a spokesperson told TechCrunch. "Let's Encrypt isn't solely responsible for this change, but we certainly catalyzed it."
Source: https://techcrunch.com/2018/09/14/three-years-later-lets-encrypt-now-secures-75-of-the-web/
Previously: "Let's Encrypt" Has Issued 1 Million Certificates
Let's Encrypt Issues 100 Millionth Certificate
Let's Encrypt is Now Officially Trusted by All Major Root Programs
(Score: 5, Informative) by Pino P on Wednesday September 19 2018, @05:58PM (1 child)
Despite Let's Encrypt, there's still no public key infrastructure for the Internet of Things. So the real money is in domain names.
You need a fully qualified domain name to get a certificate. Though the annual fee for a domain name is a long-accepted part of the cost of operating a public website, it traditionally hasn't been seen as such for an appliance on a home local area network (LAN), such as a router, network printer, or network attached storage (NAS) device.
The Baseline Requirements for TLS CAs forbid issuing a certificate for an IP address in private network space reserved pursuant to RFC 1918 (10/8, 172.16/12, or 192.168/16) or for a hostname within a reserved top-level domain (such as .local or .internal). Let's Encrypt issues only 20 certificates per week under a particular registrable domain, as defined by Mozilla's Public Suffix List. This means a dynamic DNS user may not be able to obtain a certificate if the provider isn't on the PSL or does not support TXT records. So the only ways to obtain a certificate are A. use one of the few dynamic DNS providers that are on the PSL and support TXT records, B. pray that all your devices' browsers support checking the key fingerprint of a self-signed certificate, or C. pay money for a domain name from a commercial registrar and continue to pay to keep it renewed. This domain name registration fee introduces a new ongoing cost of operating an appliance on a LAN that did not exist before the movement to encrypt the web.
Some people have claimed that one need not worry about encryption on a LAN. The problem with just punting on HTTPS is that new web platform features work only in what the W3C has called "secure contexts" [pineight.com]. When a website served over cleartext HTTP uses a script API reserved for secure contexts, the browser will raise a security exception. The spec trusts localhost but not a LAN because user agents cannot distinguish your trusted home network from an untrusted coffee shop network using the same RFC 1918 space. Some, such as the Presentation API, already require a secure context, which may interfere with ability to stream video from your NAS to your TV. There are also indications that browser publishers will soon retrofit the requirement of a secure context to other APIs relevant to video, such as the Fullscreen API.
(Score: 2) by PartTimeZombie on Wednesday September 19 2018, @10:13PM
Thank you for taking the time to write that out.
I learned something new.