Let’s Encrypt is a not for profit company with a mission of encrypting every traffic on the internet. Based on recent news, they are on track of achieving their audacious target.
They were able to disrupt the Certificate Authority (CA) industry in less than six (6) years. They turn industry on it’s head by providing a low-cost, easy to use and widely trusted global solution. A CA (Certificate Authority) is an organisation that verifies internet traffic by issuing digital certificates. Think of them as a country issuing passports to its citizens.
Right Timing
In 2015, the internet was growing at a rapid pace and so was the hacking. Companies like Ashley Madison, IRS, Anthem were some of the companies got pwned by malicious actors. Users had their information stolen and were used for nefarious reasons. There was an urgent need for a radical approach to internet security.
Web security was known but it wasn’t being applied. Roughly 37 percent of the web was using secure communication. At the time the existing Certificate Authorities were capitalizing on this opportunity.
2015 was said to be the year of encryption for all right reasons. First, this was the year a new communication protocol (HTTP/2), with encryption at its core, was finalized. Even legislation had this as a priority – President Obama encryption mandate. Google and Mozilla had made commitments of only supporting secure connections.
Setting up a website to use HTTPS was a tedious process. It’s every system admin worst nightmare. Then the Electronic Frontier Foundation began the Let’s Encrypt project. It promised to solve the sys-admin pains through automation and they did exactly that.
Heres To A Billion Certification
Installing a billion certificate is a testimony of how effective their solution has been.
When they started, about 35% of the web was encrypted.
Now they are over 81% of the web is encrypted as a result of this solution.
It was clear from the start as there was a huge demand for this tool. It took them 16 months to issue a million certificate; that is run-rate of over 60,000 installations per/week. Based on their current trajectory, they’re on track to achieve their goal of covering the web with encrypted communication.
No Pain… No Gain
Once you’re disruptive; you’ll have a few enemies and Let’s Encrypt found out the hard way. This is expected as they were simplifying a complex business while putting the control back into the hands of the user – for free!
One of the competitors who stood out was COMOD. They tried a bunch of gymnastics to distract/deter their success. They registered a few trademarks similar to Let’s Encrypt was one of their main stunts. “Let’s Encrypt”, “Let’s Encrypt With Comodo” and “Comodo Let’s Encrypt” are examples of their efforts. When that wasn’t enough, they tried another stunt. Consequently, their customers started to complain, as a form of protest against the company. In the end, good sense prevailed and they stopped.
They also applied some self-inflicted wounds. The most well-known case when the tool accidentally revoked over 3 million certificates due to a software bug.
Open Source Technology Can Be Successful
Let’s Encrypt took on the task of transforming the way we practice security. There have proven that the compromise between security and convenience can be solved. The project began with the support of a few companies: Facebook, HP, Gemalto, Linux Foundation, Cisco. Now they have an army; with the support of over 80 official sponsors.
The purpose of technology was to reduce complexity and make life easier while securing the web. And that is exactly what they were able to accomplish.
Once again Open Source wins, so Let’s Encrypt for a better internet.