
SoylentNews is people

posted by janrinok on Monday March 02 2020, @10:15AM
from the one-for-you-and-one-for-me-and-one-for... dept.

[Update 2020-03-02 08:34:00 UTC. Full disclosure: SoylentNews uses Let's Encrypt certificates.--martyb]

HTTPS for all: Let's Encrypt reaches one billion certificates issued:

Let's Encrypt, the Internet Security Research Group's free certificate signing authority, issued its first certificate a little over four years ago. Today, it issued its billionth.

The ISRG's goal for Let's Encrypt is to bring the Web up to a 100% encryption rate. When Let's Encrypt launched in 2015, the idea was pretty outré—at that time, a bit more than a third of all Web traffic was encrypted, with the rest being plain text HTTP. There were significant barriers to HTTPS adoption—for one thing, it cost money. But more importantly, it cost a significant amount of time and human effort, both of which are in limited supply.

Let's Encrypt solved the money barrier by offering its services free of charge. More importantly, by establishing a stable protocol to access them, it enabled the Electronic Frontier Foundation to build and provide Certbot, an open source, free-to-use tool that automates the process of obtaining certificates, installing them, configuring webservers to use them, and automatically renewing them.

When Let's Encrypt launched in 2015, domain-validated certificates could be had for as little as $9/year—but the time and effort required to maintain them was a different story. A certificate needed to be purchased, information needed to be filled out in several forms, then one might wait for hours before even cheap domain-validated certificates would be issued.

Once the certificate was issued, it (and its key, and any chain certificates necessary) needed to be downloaded, then moved to the server, then placed in the right directory, and finally the Web server could be reconfigured for SSL.

Every one to three years, you'd need to do the whole thing over again—perhaps only replacing the certificate and key, perhaps also replacing or adding new intermediate chain certificates.

The whole thing was (and is) frankly, a mess... and can easily result in downtime if an infrequently practiced procedure doesn't run smoothly.

[...] In June of 2017, Let's Encrypt was two years old and served its ten millionth certificate. The Web had gone from under 40% HTTPS to—in the United States—64% HTTPS, and Let's Encrypt was servicing 46 million websites.

Today, Let's Encrypt's billionth certificate has been issued, it services 192 million websites, and the United States' portion of the Internet is a whopping 91-percent encrypted. The project manages this on nearly the same staff and budget it did in 2017—it has gone from 11 full-time staff and a $2.61 million budget then to 13 full-time staff and a $3.35 million budget today.

None of this would be possible without a commitment to automation and open standards. We gushed about how easy the EFF's Certbot makes it to deploy and renew Let's Encrypt certificates—but that contribution is only possible because of Let's Encrypt's own focus on standardizing an open ACME protocol that anyone can build a client to operate.

In addition to building and publishing a stable, capable protocol, Let's Encrypt put in the work to submit and ratify it with the Internet Engineering Task Force (IETF), resulting in RFC 8555.


  • (Score: 2, Interesting) by SomeGuy on Monday March 02 2020, @11:50AM


    A billion? You know, that means a shit ton of money WHEN they start charging for it or monetizing some other way. Good luck going back to HTTP then, the way their campaign is going I fully expect these Nazis to exterminate all normal HTTP support in major browsers.
