In this short article Let’s Encrypt lists challenges ahead, like service growth, new features and infrastructure and finances.
Let’s Encrypt had a great year in 2017. We more than doubled the number of active (unexpired) certificates we service to 46 million, we just about tripled the number of unique domains we service to 61 million, and we did it all while maintaining a stellar security and compliance track record. Most importantly though, the Web went from 46% encrypted page loads to 67% according to statistics from Mozilla - a gain of 21 percentage points in a single year - incredible. We’re proud to have contributed to that, and we’d like to thank all of the other people and organizations who also worked hard to create a more secure and privacy-respecting Web.
[Ed note: SoylentNews uses Gandi for "soylentnews.org" and uses LetsEncrypt for all other domains and subdomains. --martyb]
A few dollars chipped in from corporate giants, and they have also come under budget:
Decent impact for a small amount of money.
Yea, great more encrypted pages. Which means anyone who needs to run even a slightly older web browser (because the new ones are too buggy, intentionally fuck up UI stuff, intentionally fuck up other things that used to work, using an OS configuration that suddenly becomes "unsupported", and so on) - well, no web for you!
Because you know, the encraption methods that were "perfect" five minutes ago are now suddenly "insecure". So upgrade, upgrade, upgrade, UPGRADE!
Let's face it, nothing is really secure. Every encryption method or security program is broken right out of the door. The only difference is how long it takes before someone TELLS you it broken. You want security, go back to pencil and paper!
Honestly surprised soylentnews even loads for me these days.
While you certainly have a point, I don't think it's quite as bad as all that, what with many/most GNU/Linux distributions managing trusted certificates separately from browsers. That can't make older software support newer algorithms, of course, and like you, I find the forced deprecation of older algorithms to be a bad thing, not a security panacea.
Get with the times, old man. You know what King Google V says, "mobile first, not IMMOBILE first." HTTPS is the future, otherwise how would the gate keepers of security make any money off certificates? Think about it. I'd be more than happy to do my duty for my community, and help out the elderly installing Firefox Quantum. Or in your case, authcert.c to whatever assembly file you first started using in the 80s. Hell, as long as you sign off on my community service papers -- so I can use the internet legally -- I'll even throw in a TLS zeroday so you don't need to mess with your home-rolled DOS MaxThink parser. Cerf knows how unstable the inode must be all these decades.
No one misses the Pony Express, except maybe the riders. Being secure includes being up to date. Deal with it. To borrow a phrase, 'Suck it up, buttercup!'