back to article Let's Encrypt certificate authority signs first cert

Let's Encrypt, a free automated open-source certificate authority (CA), has signed its first certificate – leading the Electronic Frontier Foundation (EFF) to celebrate "an important milestone in our march to encrypt all of the Web." Announced in 2014, the companies behind Let's Encrypt intended to encourage the world's …

  1. Steve Knox
    Facepalm

    It's free! It's automated! It's open-source!

    What it needs is a tech-savvy *cough*, popular *cough*, well-respected *well, two out of three, anyway...* tech news site as a client to really get the ball rolling...

    https://www.theregister.co.uk

    ...

    *sigh*

    1. Anonymous Coward
      Anonymous Coward

      Re: It's free! It's automated! It's open-source!

      The reg doesn't need it anymore. Anyone who was interested in the readership back when we were all new already has your un-encrypted Register username, password, name, address, email and telephone. Now there is no value in us. We whine too much.

      1. Anonymous Coward
        Anonymous Coward

        Re: It's free! It's automated! It's open-source!

        What an odd bunch of thumbs down. Guess you like submitting your username, password and personal details on the registers unencrypted pages, or you just lack a sense of sarcasm.

        Oh well.

        1. Michael Wojcik Silver badge

          Re: It's free! It's automated! It's open-source!

          Guess you like submitting your username, password and personal details on the registers unencrypted pages

          Yes, because I have a realistic threat model.

  2. Jan 0
    Go

    Yes! Get on with it ElReg,

    What's stopping you now?

    1. DaLo

      Re: Yes! Get on with it ElReg,

      Was it really the £4 p/a cost of a cert that was holding them back before?

    2. Naselus

      Re: Yes! Get on with it ElReg,

      "What's stopping you now?"

      Sigh, I suppose it has to come out sooner or later.

      They can't set up a proper https site because the last person working for El Reg who understood anything about computers quit in 1998. The remaining hacks don't know which one is the web server, and haven't got the admin password for it in any case.

      The whole site is basically written through a heavily-modified version of Wordpress, using a series of automated chat bots - Andrew Orlowski is specifically programmed to talk about IP if it hasn't been mentioned for 60 lines or 47 minutes, whichever is the shorter. Lewis Page-bot simply collects any 3 random articles from the front page of the Heartland Institute and mixes them together. Gavin Clarke is just a rejected custom re-skin of Siri for the Melanesian budget phone market. And Trevor Pott is actually Trevor Pott.

  3. This post has been deleted by its author

    1. Pliny the Whiner

      Re: Yes! Get on with it ElReg.

      Jesus is opposed to encryption. Everyone knows that.

      1. Mark 85 Silver badge

        Re: Yes! Get on with it ElReg.

        But he cries when your data gets snooped...

      2. Anonymous Coward
        Anonymous Coward

        Nooooooo!

        Dancing Jesus!

    2. Anonymous Coward
      Alien

      Re: Yes! Get on with it ElReg.

      What's stopping you now?

      Two things:

      1. Andrew Orlowski thinks certs are part of a freetard conspiracy.

      2. Lewis Page thinks that certs are part of a warmist conspiracy.

      1. h4rm0ny

        Re: Yes! Get on with it ElReg.

        And

        3. Tim Worstall refuses to use free certs until they cost more.

        4. Trevor Potts refuses to use any technology that is compatible with IPv6

        1. Trevor_Pott Gold badge

          Re: Yes! Get on with it ElReg.

          I use lots of technology compatible with IPv6. I just use NAT66 (but not NAPT66) to do 1:1 address mapping to allow me to A) have an internal address space that isn't visible to the public and B) handle readdressing on networks that can't afford the outrageous costs of BGP connectivity. Oh, and I don't care if that breaks $application (not that I have found any it has, yet).

          Not accepting the shit shoveled my way by the ivory tower types isn't quite the same as not embracing the future. It's anticipating potential problems and architecting around them.

          Hey, isn't that what you lot are supposed to be getting paid for too?

        2. Jonathan Richards 1 Silver badge
          Joke

          Re: Yes! Get on with it ElReg.

          3. Tim Worstall refuses to use free certs until they cost more and contain 7.2% neodymium.

          FTFY

  4. Ru'

    Would be helpful to perhaps include instructions to install the cert in other popular browsers. I hear chrome has a few users these days, for example.

  5. LDS Silver badge

    Certificates are not for encryption only.

    Certificates are also about authentication. Sometimes, I may care more about authentication (endpoints and data), than encryption. If certificates are emitted wihout vetting, teh authentication is no longer reliable. You get encryption, nice - but useless if you can't trust the entity certificate.

    1. vortexvortex

      Re: Certificates are not for encryption only.

      When news of the initiative broke last November, I asked EFF whether they would be working with CA-Cert who have been dealing with individual and organizational identity verification issues. EFF's Peter Eckersley's response was:

      "We aren't working with CA-CERT, but we're partnering with and receiving advice from people who've run a number of other widely-used CAs.

      Securely encrypting the Web is sufficiently important that we will be able to raise enough donations and membership contributions to run ISRG with a proper budget."

      That's a pity, as the initiative's industry muscle could have ensured a cross signing of the root of a long standing free community CA infrastructure with distributed procedures and processes behind it.

      1. Anonymous Coward
        Anonymous Coward

        Re: Certificates are not for encryption only.

        Its odd they replied to you after you asked them. I got EFF all.

    2. Anonymous Coward
      Anonymous Coward

      Re: Certificates are not for encryption only.

      Certificates are not for encryption only... true, I'd like to see every page, every msg, SIGNED forever, with pfs - remember that MITM isn't just for stealing data - can also be used to push modified data.

      Unfortunately although the CA/Browser forum are allegedly about to get a bit more useful (less industry captured) by kicking out some sub-CAs, at heart they still support fully state manipulation of data, for seemingly *any* state. . .

      summary: *mostly* authenticated

    3. Michael Wojcik Silver badge

      Re: Certificates are not for encryption only.

      Certificates are only about authentication. If you want encryption without authentication, you can use ADH or other non-authenticated key-exchange schemes.

      A CA that doesn't verify the party they're issuing a certificate to is a CA in name only. It's not providing a useful service.

  6. just another employee

    Anyone for a driving licence?

    I am announicing the new "Open Driving Licence" scheme.

    No one trusts this scheme yet although they will. Honest.

    My enrollement and issuance process is simple so it should work out fine (so simple in fact that 'they' - the old duffers in power - do not understand it)..

    My scheme is this:

    1) Send me a photo and a name, and

    2) I send you a driving licence printed in a nice shade of purple on A4 paper.

    I can't see why this won't work ? can you ?

    1. Anonymous Coward
      Anonymous Coward

      Re: Anyone for a driving licence?

      Surely there is a simpler way. After all i don't need to prove who i am and you don't need to prove who you are. Can't you just leave them somewhere and let me pick one up and attach my own photo and name.

      1. just another employee

        Re: Anyone for a driving licence?

        .. I could load a blank license PDF up to dropbox and let you download and complete it yourself ?

        Is that simpler ? - certainly works for me.

        Adopters/Followers = 1

        Apparantley the second follower is the most important. Just need one more and we have ourselves a true Open Community Supported Platform (OCSP) driving licence scheme.!

  7. Anonymous Coward
    Anonymous Coward

    Encrypt the whole web?

    What the hell for?

    Unless its a private page or site then leave it plain text please. Why waste the time and CPU cycles encrypting something thats public anyway FFS??

    1. richie5um

      Re: Encrypt the whole web?

      That is assuming what the site is intending to send to you is actually what you get. Almost certainly you are passing through a lot of systems to get from your request to the target site and back. And as recently, unencrypted traffic is then subject to; ad injection, personal profile building, ...

      I'd much rather the CPU cost.

      1. Anonymous Coward
        Anonymous Coward

        Re: Encrypt the whole web?

        "And as recently, unencrypted traffic is then subject to; ad injection, personal profile building, ..."

        Oh please. If you're that worried about it delete all your cookies on a regular basis and/or use Tor. In the meantime the worlds data centres currently use 10% of the worlds electricity. I see no good reason for that to rise considerably with all the extra enviromental costs just because of a few paranoids like yourself.

    2. Adam Inistrator

      Re: Encrypt the whole web?

      I suppose you think "nothing to hide nothing to fear as well". changes everything. imagine market researchers standing on every street corner taking notes of EVERYTHING. creepy. but this is what goes on in the web.

  8. Morrie Wyatt
    Joke

    ACME protocol?

    Does it mean that we need to beware Judge Doom, falling anvils, painted tunnels, roadrunners and other such cartoon dangers?

  9. phil dude
    Stop

    clarification ?

    Does this service mean you generate a CA at home, and they will sign it?

    Or they send you a new CA and sign that?

    The ONLY way I will ever use a remote CA is if they sign the one I generated.

    Am I missing something?

    P.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like

Biting the hand that feeds IT © 1998–2022