Tag: Encryption

Let’s Encrypt Reaches 100 Million Certificates Milestone

Let’s Encrypt announced this week that they’d passed the 100 million certificates issued threshhold,

Let’s Encrypt has reached a milestone: we’ve now issued more than 100,000,000 certificates. This number reflects at least a few things:

First, it illustrates the strong demand for our services. We’d like to thank all of the sysadmins, web developers, and everyone else managing servers for prioritizing protecting your visitors with HTTPS.

Second, it illustrates our ability to scale. I’m incredibly proud of the work our engineering teams have done to make this volume of issuance possible. I’m also very grateful to our operational partners, including IdenTrust, Akamai, and Sumo Logic.

Third, it illustrates the power of automated certificate management. If getting and managing certificates from Let’s Encrypt always required manual steps there is simply no way we’d be able to serve as many sites as we do. We’d like to thank our community for creating a wide range of clients for automating certificate issuance and management.

The press release also notes that when Let’s Encrypt began issuing certificates, Firefox’s Telemetry report found that

. . . less than 40% of page loads on the Web used HTTPS . . . In the 19 months since we launched, encrypted page loads have gone up by 18%, to nearly 58%.

A very good trend.

VeraCrypt

With the demise of TrueCrypt and the abandonment of DiskCryptor, VeraCrypt is the best remaining free, open source disk encryption solution. It is a fork of TrueCrypt project that made a number of changes designed to address limitations of TrueCrypt.

I’ve been gradually migrating all of my encrypted hard drives over to VeraCrypt and have been very pleased with its performance and ease-of-use.

Let’s Encrypted Reached 20 Million Active Certificates in 2016

Interesting look from Let’s Encrypt Executive Director Josh Aas on the explosion in certificates that the free service has seen since its launch in 2015,

At the start of 2016, Let’s Encrypt certificates had been available to the public for less than a month and we were supporting approximately 240,000 active (unexpired) certificates. That seemed like a lot at the time! Now we’re frequently issuing that many new certificates in a single day while supporting more than 20,000,000 active certificates in total. We’ve issued more than a million certificates in a single day a few times recently. We’re currently serving an average of 6,700 OCSP responses per second.

. . .

When 2016 started, our root certificate had not been accepted into any major root programs. Today we’ve been accepted into the Mozilla, Apple, and Google root programs. We’re close to announcing acceptance into another major root program. These are major steps towards being able to operate as an independent CA.

EFF Says HTTPS Deployment Saw Major Growth in 2016

In an end-of-the-year summary, the Electronic Frontier Foundation noted that deployment of HTTPS grew dramatically in 2016,

By some measures, more than half of page loads in Firefox and in Chrome are now secured with HTTPS—the first time this has ever happened in the Web’s history. That’s right: for the first time ever, most pages viewed on the Web were encrypted! (As another year-in-review post will discuss, browsers are also experimenting with and rolling out stronger encryption technologies to better protect those connections.)

The EFF sites the availability of tools and services such as Let’s Encrypt that make obtaining and deploying certificates easier, as well as increasing pressure on companies to encrypt all traffic rather than just specific subsets.

The one troubling spot is that this increase isn’t necessarily distributed well geographically,

A caveat: data from Google shows that use of HTTPS varies significantly from country to country, remaining especially uncommon in Japan. We’ve also heard that it’s still uncommon across much of East and Southeast Asia. Next year, we’ll have to find ways to bridge those gaps.

I’ve used HTTPS on 99 percent of my server for years now, but there was a tiny portion that was not HTTPS because of a specific application that used its own non-Apache server that did not play well with the Wildcard SSL certificate I use. This year, finally, I was able to use Let’s Encrypt to flawlessly install a certificate just for that. The process for doing so was ridiculously easy and took about 10 minutes from beginning to end to configure and test.