14. May 2016 · Let’s Encrypt · Categories: Computing

As a tech geek, I’m quite sensitive to a current trend that aims at pushing the Web towards globally encrypted communications. My main problem with this idea was trust in certificate authorities, and as a result, I ended up being my own CA, which only a few people could trust. The end result was encrypted communication, but with a clear man-in-the-middle threat for everyone outside my small web of trust. I didn’t care much, because it was still better than no encryption at all, but there was a large margin for improvement.

This improvement came with Let’s Encrypt, a “free, automated, and open certificate authority (CA), run for the public’s benefit”. After reading about it, and the team running it, I was easily convinced to trust this new CA. From “not knowing about it” to “trusting and using it with automated renewal”, it took me roughly an hour for several sites and services.

A CA you can trust is not the only thing they are. In addition, they encourage and facilitate automation, and limit certificate validity to only 3 months, and this is actually very good practice. It’s like the policies we have with passwords (you know, the one where you only change one letter because you won’t remember it otherwise), except it’s much stronger, and happens quietly behind the scenes once properly configured.
