Let's Encrypt has announced the generation of root and intermediate certificates, share the public keys, and show the layout of their operational structure. The keys are RSA (the Rivest, Shamir, and Adleman algorithm) for now with ECDSA (Elliptic Curve Digital Signature Algorithm) versions coming later this year.
The root certificates are for the Internet Security Research Group (ISRG) and separately for the Online Certificate Status Protocol (OCSP) for the ISRG. OCSP is described in RFC 6960 and used for revocation of certificates.
The intermediate certificates are for two different intermediate Let's Encrypt CA (Certificate Authority) servers named/numbered X1 and X2. These are cross-signed by the IdenTrust root CA for ease of deployment and use by existing browsers without the need for any modifications until the browsers add the ISRG root CA through updates. The Let's Encrypt intermediate CA X2 is only intended for disaster recovery in case of a non-functional X1. The Let's Encrypt announcement has a schematic of the structure.
The target is (or was) to launch the Let's Encrypt service in the second quarter of 2015 (which ends this month) and they plan on further announcements during the next few weeks.
(Score: 3, Insightful) by frojack on Wednesday June 10 2015, @02:35AM
I've been waiting for this to get off the ground.
It will be interesting to see if their certs will be blessed by all the other guys or they are going to give them the same cold shoulder they gave self signed certs (except Google's of course).
No, you are mistaken. I've always had this sig.
(Score: 0) by Anonymous Coward on Wednesday June 10 2015, @03:04AM
Thanks to Snowden, word is out that there is a peeping-tom in town.
And everyone is pulling their blinds....