

Let’s Encrypt is a new Certificate Authority: It’s free, automated, and open - ffk
https://letsencrypt.org/

======
bobsky
Excellent project. But note it's still "arriving-mid-May"

Previous HN discussions from their launch ~6 months ago are here:

* Launching in 2015: A Certificate Authority to Encrypt the Entire Web
[https://news.ycombinator.com/item?id=8624160](https://news.ycombinator.com/item?id=8624160)
* Let's Encrypt: How It Works
[https://news.ycombinator.com/item?id=8640756](https://news.ycombinator.com/item?id=8640756)

~~~
davidrusu
Where are you seeing mid-May? The website mentions mid-2015.

~~~
ffk
I think their website used to say mid-May and they updated it.

------
zmmmmm
Is there some news here? I'm a huge fan of this idea but until it actually
launches I don't see any point getting too excited about it.

In a more general sense, why have none of the larger players, who, I would
have thought, could easily do it, not ventured into this space?

Why are Google, Amazon, Microsoft, etc. not offering me free SSL certs based
on their own existing ability to verify my identity in so many ways, far
better than letsencrypt or anybody else, really? I'm really curious about what
is the barrier here that makes this so hard that basically nobody is doing it?
And if those barriers are so high, why is StartSSL able to do it?

~~~
nzp
StartSSL is able to do it because they cut out the nickel-and-diming BS. They
state it clearly on their page, it costs them practically nothing to issue
their class 1 certificates because the process is automated, so they simply
don't charge for it. I would guess it's easy for them to do it since it's
their business anyway. As for the others, it's probably too much of a hassle
to set up and maintain a public CA.

------
wfunction
Can someone explain why EVERYTHING on the internet needs to be encrypted? For
information that is obviously public (e.g. anything from today's articles on
the New York Times to the installation image for Windows), doesn't it make
more sense to encrypt the hash of the file, while making the file itself
plaintext? That would seem to make it much easier to cache the data midway,
reducing network traffic.

~~~
Artemis2
The way HTTPS works allows for authentication of the received data. Even for
"obviously public" data, this is essential: an installation image of Windows
could be modified to include malware, or news articles could be edited on the
fly during transmission.

Once everything is encrypted, the only things that can be known of a request
are the origin IP and the destination IP.

------
jimmcslim
This seems to want to move the trust relationship to just encompass the
server, whereas the traditional CA aims to establish 'trust' in the
organisation behind the server (via verification in business registry, or via
national identity card/passport for individuals). Given this redefinition of
trust, will the LE root cert have a chance of ending up in IE, Safari or
Chrome?

~~~
grizzles
Maybe in theory, but in practice today it's already server-trust.

------
jcase
Acceptance into Mozilla's CA Certificate Program is usually discussed in
public. Let's Encrypt is not on the list of pending CA applications[0]. Does
anyone know if they are introducing a new root certificate or teaming up with
an existing CA?

[0]
[https://wiki.mozilla.org/CA:PendingCAs](https://wiki.mozilla.org/CA:PendingCAs)

~~~
ffk
I believe they are cross signed by IdenTrust which is trusted.

~~~
jcase
Thanks. You're right. Now I'm just wondering what IdenTrust gains from free DV
certificates.

------
ffk
According to Let's Encrypt, top sponsors include EFF, Mozilla, Cisco, Akamai,
IdenTrust and Automattic.

[editing to add other sponsors]

------
grizzles
Has Google or MS said if they will import the root LE cert into their
respective browsers?

------
ilaksh
When exactly is it launching?

------
JshWright
Got excited for a second...

~~~
arthurfm
I thought Let's Encrypt had finally launched too. :(

