Let's Encrypt - Looking at the Recent Past and Forward to 2018

An Anonymous Coward writes:

In this short article Let’s Encrypt lists challenges ahead, like service growth, new features and infrastructure and finances.

Let’s Encrypt had a great year in 2017. We more than doubled the number of active (unexpired) certificates we service to 46 million, we just about tripled the number of unique domains we service to 61 million, and we did it all while maintaining a stellar security and compliance track record. Most importantly though, the Web went from 46% encrypted page loads to 67% according to statistics from Mozilla - a gain of 21 percentage points in a single year - incredible. We’re proud to have contributed to that, and we’d like to thank all of the other people and organizations who also worked hard to create a more secure and privacy-respecting Web.

I think Let's Encrypt is a great service. Want to share your war story? Can you think of any downsides or threats related to all this?

[Ed note: SoylentNews uses Gandi for "soylentnews.org" and uses LetsEncrypt for all other domains and subdomains. --martyb]

  • (Score: 4, Interesting) by takyon on Wednesday March 07, @12:09AM

    by takyon (881) Subscriber Badge <takyonNO@SPAMsoylentnews.org> on Wednesday March 07, @12:09AM (#648792) Journal

    A few dollars chipped in from corporate giants, and they have also come under budget:

    We pride ourselves on being an efficient organization. In 2018 Let’s Encrypt will secure a large portion of the Web with a budget of only $3.0M. For an overall increase in our budget of only 13%, we will be able to issue and service twice as many certificates as we did in 2017. We believe this represents an incredible value and that contributing to Let’s Encrypt is one of the most effective ways to help create a more secure and privacy-respecting Web.

    Our 2018 fundraising efforts are off to a strong start with Platinum sponsorships from Mozilla, Akamai, OVH, Cisco, Google Chrome and the Electronic Frontier Foundation. The Ford Foundation has renewed their grant to Let’s Encrypt as well. We are seeking additional sponsorship and grant assistance to meet our full needs for 2018.

    We had originally budgeted $2.91M for 2017 but we’ll likely come in under budget for the year at around $2.65M. The difference between our 2017 expenses of $2.65M and the 2018 budget of $3.0M consists primarily of the additional infrastructure operations costs previously mentioned.

    Decent impact for a small amount of money.

  • (Score: 2) by SomeGuy on Wednesday March 07, @01:04AM (3 children)

    by SomeGuy (5632) on Wednesday March 07, @01:04AM (#648807)

    Yea, great more encrypted pages. Which means anyone who needs to run even a slightly older web browser (because the new ones are too buggy, intentionally fuck up UI stuff, intentionally fuck up other things that used to work, using an OS configuration that suddenly becomes "unsupported", and so on) - well, no web for you!

    Because you know, the encraption methods that were "perfect" five minutes ago are now suddenly "insecure". So upgrade, upgrade, upgrade, UPGRADE!

    Let's face it, nothing is really secure. Every encryption method or security program is broken right out of the door. The only difference is how long it takes before someone TELLS you it broken. You want security, go back to pencil and paper!

    Honestly surprised soylentnews even loads for me these days.

    • (Score: 2) by requerdanos on Wednesday March 07, @01:12AM

      by requerdanos (5997) Subscriber Badge on Wednesday March 07, @01:12AM (#648808) Journal

      great more encrypted pages. Which means...slightly older web browser - well, no web for you!

      While you certainly have a point, I don't think it's quite as bad as all that, what with many/most GNU/Linux distributions managing trusted certificates separately from browsers. That can't make older software support newer algorithms, of course, and like you, I find the forced deprecation of older algorithms to be a bad thing, not a security panacea.

    • (Score: 1) by cocaine overdose on Wednesday March 07, @01:19AM

      by cocaine overdose (6886) on Wednesday March 07, @01:19AM (#648811)

      Get with the times, old man. You know what King Google V says, "mobile first, not IMMOBILE first." HTTPS is the future, otherwise how would the gate keepers of security make any money off certificates? Think about it. I'd be more than happy to do my duty for my community, and help out the elderly installing Firefox Quantum. Or in your case, authcert.c to whatever assembly file you first started using in the 80s. Hell, as long as you sign off on my community service papers -- so I can use the internet legally -- I'll even throw in a TLS zeroday so you don't need to mess with your home-rolled DOS MaxThink parser. Cerf knows how unstable the inode must be all these decades.

    • (Score: 0) by Anonymous Coward on Wednesday March 07, @01:38AM

      by Anonymous Coward on Wednesday March 07, @01:38AM (#648815)

      No one misses the Pony Express, except maybe the riders. Being secure includes being up to date. Deal with it. To borrow a phrase, 'Suck it up, buttercup!'

