Lets Encrypt: Not long ago most websites were not secured with Security Layer Security (TLS) encryption. Because the internet started with HTTP instead of HTTPS. So today, 81% of websites worldwide use the HTTPS protocol. This percentage has reached 91% in the US.
We owe a huge thank you to the Internet Security Research Group for this huge increase in secure web browsing (ISRG) with their project Lets Encrypt.
Let's Encrypt just issued the billionth security certificate.
"Encryption should be the default for the Internet," said Josh Aas, CEO of ISRG and senior Mozilla technologist when Lets Encrypt was first created. project.
“The online landscape is a complex place these days, and it's very difficult for consumers to control their data. The only reliable strategy to ensure that personal data and information of each of us is protected during duration of our web browsing is encryption.”
Here we should mention that Let's Encrypt not only provided free TLS certificates around the world, but also made use of them very easy. The automatic procedure made possible by the ACME protocol (Automatic Certificate Management Environment).
ACME is now an IETF standard, RFC 8555 and automates the creation of public key infrastructure certificates (PKI), enabling the rapid creation of millions of security certificates.
Thanks to ACME, Let's Encrypt now serves nearly 200 million websites with two new employees and a 28% budget increase since June 2017.
To use ACME and obtain a certificate from Let's Encrypt, you need an ACME client. One of the best ACME clients is Certbot of the EFF (Electronic Frontier Foundation).
EFF developed Certbot to make securing one as easy as possible by clicking heres with Lets Encrypt or any other CA that ACME supports.
However, as easy as it is for each of us to issue a security certificate for one of our pages, it is just as easy for malicious users to try to place "tampered" pages as safe.
By automating TLS certificates, Let's Encrypt is reportedly making them substantially easier malicious users who want to launch "secure" websites. να αποκτήσουν ασφαλείς τοποθεσίες. Για παράδειγμα, hackers κατάφεραν να παραποιήσουν πιστοποιητικά για να βοηθήσουν στην απόκρυψη κακόβουλων ιστοσελίδων σαν σελίδων που προέρχονται από μεγάλες εταιρείες όπως τις Apple, Google και PayPal because any website can obtain a TLS certificate.
In short: just because you can log in to a site securely does not mean that the site itself is secure.
So Let's Encrypt is currently working on further improving its security quality.
For example, it has recently enhanced domain validation methods. It is a process used by all TLS certificate authorities to ensure that the person requesting a certificate is actually the owner of the domain for which they want it.
But despite the problem we mentioned above Let's Encrypt (a non-profit company) seems to have done a very good job on the world wide web.