Let's Encrypt completes huge upgrade, can now rip and replace 200 million security certs in 'worst case scenario'

Internet Security Research Group nonprofit Let's Encrypt has massively upgraded its certification hardware and software so that it can delete and reissue all its certs in less than 24 hours. Last April the certificate authority was forced to kill three million HTTPS certs after a bug was found in its automated certificate …

  1. John Robson Silver badge

    Crikey, someone thinking of failure cases...

    "Let's Encrypt now says it can revoke and replace 200 million certificates in less than 24 hours, should a catastrophic security failure occur."

    That's more resilience than I expect any of the major pay-to-play-ers to have...

    1. sev.monster Silver badge
      Pint

      Re: Crikey, someone thinking of failure cases...

      New arrows, looks like. Tested on your post. Enjoy the free point.

      Sadly, points carry no value and are not tradable for fiat or beer, either of which would be fantastic.

      1. Arthur the cat Silver badge
        Happy

        Re: Crikey, someone thinking of failure cases...

        > Sadly, points carry no value

        I thought points mean prizes?

        1. big_D
          Happy

          Re: Crikey, someone thinking of failure cases...

          Not in this game.

          1. General Purpose

            Re: Crikey, someone thinking of failure cases...

            Points mean badges!

            1. Anonymous Coward

              Re: Crikey, someone thinking of failure cases...

              Not if you are posting as Anonymous. No badges - no icons. The Anonymous label allows a post to be judged on its own merits - not biased by any knee-jerk pre-judgements of the author's possible views.

              1. sev.monster Silver badge

                Re: Crikey, someone thinking of failure cases...

                You're talking about bombastic bob and jake right?

                (our lovely Martian is exempt from judgement)

                1. sev.monster Silver badge
                  Joke

                  Re: Crikey, someone thinking of failure cases...

                  Sorry, guess you really do need to state the obvious nowadays.

              2. Hubert Cumberdale Silver badge
                Joke

                Re: Crikey, someone thinking of failure cases...

                I downvoted you just in case.

    2. Anonymous Coward

      Re: Crikey, someone thinking of failure cases...

      What they did was upgrade the operations per second license on their HSMs -- that's my guess.

      1. Arthur the cat Silver badge

        Re: Crikey, someone thinking of failure cases...

        It was more than just that. Read the linked article.

      2. cipnt

        Re: Crikey, someone thinking of failure cases...

        Check their Twitter updates. They got some bad ass hardware now:

        https://twitter.com/letsencrypt/status/1354128984179675136

        1. sreynolds

          Re: Crikey, someone thinking of failure cases...

          Still reckon the home office could do a way better job at revoking certificates.

          1. Robert Carnegie Silver badge

            Re: Crikey, someone thinking of failure cases...

            I don't think that "throwing away evidence then pretending it never existed" - or doing the same to people - is doing revoking -properly-.

    3. Hubert Cumberdale Silver badge

      Re: Crikey, someone thinking of failure cases...

      Indeed. The excuses for not using HTTPS on your site keep dropping away; if you're not doing it for any real security needs, at least do it to annoy the feds!

  2. nijam Silver badge

    > To date we've seen no hard evidence that the Supermicro story is true

    In a case like this, you can't prove a negative (proof by exhaustive enumeration not being viable), so the story will never go away.

    Personally, I'm not blaming the Chinese, I think the chips were installed by the Loch Ness monster.

    1. Claptrap314 Silver badge

      No, I'm thinking TinkerBell. She's jealous that all the new kids are dreaming about the internet.

      The best part is, if she gets found out, we can all just clap to make it better!

      1. Anonymous Coward

        "[...] just clap to make it better!"

        Mercury used to be the cure.

    2. A.P. Veening Silver badge

      > In a case like this, you can't prove a negative (proof by exhaustive enumeration not being viable), so the story will never go away.

      The story will go away if Bloomberg either has to show proof or pay a hefty fine every time they publish the story. And Bloomberg should be able to prove a positive (if it is there to be proven).

      1. EnviableOne

        The Problem is where...

        In the US, SuperMicro need to prove that what was said was false.

        (Absence of Evidence Is Not Evidence of Absence) - Not a Hope In Hell of winning

        In the UK Bloomberg need to prove that what they said was true.

        (put up or shut up) - If Bloomberg can't prove it they lose.

        If Supermicro could find a way to bring a libel action under UK law they could put it to bed; the problem is, it's hard to get it out of a US jurisdiction.

        1. Anonymous Coward

          Re: The Problem is where...

          I would say Bloomberg have already lost in the court of public opinion - excluding conspiracy theorists. A lower threshold for libel claims against the press is not without disadvantages. Nor is it always the case that a court case will negate the effects of libel.

    3. Brian Miller

      As someone who works in the area of motherboards, chips, crypto, and bare epoxy boards, the Bloomberg article reeks from hell to high heaven. "Oh, these flashing ethernet lights show that it's being hacked." Uh, no. "This chip can be sandwiched between layers." Without a trace??? Yeah, some of those chips are small, but they can't just be "slipped in" at a whim.

      And on and on.

      Bloomberg stooped to supposition and speculation, and reported such as fact. Seriously, the worst presentations at Black Hat are better than the Bloomberg article. "Quod est demonstrata" does still have relevant meaning.
