SoylentNews

Yog-Yogguth writes:

Let's Encrypt announces [letsencrypt.org] the generation of root and intermediate certificates, share the public keys, and show the layout of their operational structure. The keys are RSA [wikipedia.org] (the Rivest, Shamir, and Adleman algorithm) for now with ECDSA [wikipedia.org] (Elliptic Curve Digital Signature Algorithm) versions coming later this year.

The root certificates are for the Internet Security Research Group (ISRG) [wikipedia.org] and separately for the Online Certificate Status Protocol (OCSP) [wikipedia.org] for the ISRG. OCSP is described in RFC 6960 [ietf.org] and used for revocation of certificates.

The intermediate certificates are for two different intermediate Let's Encrypt CA [wikipedia.org] (Certificate Authority) servers named/numbered X1 and X2. These are cross-signed by the IdenTrust [wikipedia.org] root CA for ease of deployment and use by existing browsers without the need for any modifications until the browsers add the ISRG root CA through updates. The Let's Encrypt intermediate CA X2 is only intended for disaster recovery in case of a non-functional X1. The Let's Encrypt announcement has a schematic of the structure.

The target is or was to launch the Let's Encrypt service in the second quarter of 2015 (which ends this month) and they plan on further announcements during the next few weeks.

Original Submission