ZDNet reported recently an update to the shortening of HTTPS certificates enforced by web browsers. What does it mean for you and for the internet?
Let's Encrypt has grown from zero to an organization that has the power to switch off half of the internet. It issues certificates needed for HTTPS on web servers. HTTPS is now required by all major web browsers.
Let’s Encrypt automates certificate renewals. It sells the idea that you install a client and don’t have to think about it again. This requires reliability that has to start with Let’s Encrypt itself. We can now see that with KeyChest.
This is my second blog post explaining the concepts of HTTPS. I will focus on the importance of HTTPS and how it affects the internet.
Public-key infrastructure (PKI) is a term for everything that has to do with web encryption beyond. This is a list of main terms to understand what it is and how it works.
The Coronavirus can't be stopped and the implications are quite clear: the next 3-6 months will see large numbers of people off work, and we can already see a huge increase in remote working—which depends entirely on the IT infrastructure working. As a recent Let's Encrypt incident showed, HTTPS represents the ultimate risk to remote working.
The days of old TLS versions are nigh. All major web browsers - Safari, Mozilla, Chrome, and Edge - will disable support of TLS 1.0 and TLS 1.1. The old and insecure versions of SSL protocols.
Bottom line - if your certificates are affected and you will not renew and deploy new certs within hours, you will have effective downtimes - certificates will be revoked and invalid. The estimated total is 3 million, of which 1 million are duplicates.
It takes 3-5 years to build a new internet certificate issuer. Web browsers make it very hard or impossible to visit web pages without encryption. It is almost as important as DNS. Let's Encrypt supplies certificates to 60% of the internet. Is the dependence on $14 million company a reasonable risk?
So Let's Encrypt issued a billionth certificate yesterday. It is an absolutely amazing number and I'm pretty sure no-one would have thought 5 years ago that any single CA can ever achieve this number.