So many acronyms, this page could certainly benefit from using the <abbr> tag to explain, or link off to a definition of what they stand for.

From the article:

ISRG - Internet Security Research Group - Let's Encrypt was in stealth mode for a while before they announced the project, and they used this generic name as the official certificate authority so they could fly under the radar while starting to lay the groundwork to get the project going. https://en.wikipedia.org/wiki/Internet_Security_Research_Gro...

OCSP - Online Certificate Status Protocol - If Let's Encrypt wants to revoke certificates, they need to broadcast those revocations. This is one of the protocols to do this, and it requires a different key pair. https://en.wikipedia.org/wiki/Online_Certificate_Status_Prot...

CA - Certificate Authority - This is someone who signs certificates for other websites. Browsers and operating systems have a list of CAs they trust, so if you want the https lock to show up without warning, you need to get your https certificate signed by one of the trusted CAs (Let's Encrypt is going to be a free CA). https://en.wikipedia.org/wiki/Certificate_authority

CRL - Certificate Revocation List - This is another way to broadcast certificate revocations. https://en.wikipedia.org/wiki/Revocation_list

RSA - Rivest Shamir Adleman - A public key cryptography algorithm that most CAs use for their root and intermediate certificates. It's been battle tested for 40+ years, so it's a safe bet. https://en.wikipedia.org/wiki/RSA_%28cryptosystem%29

ECDSA - Elliptic Curve Digital Signature Algorithm - The next generation in public key cryptography algorithms that has many advantages over RSA. It's still relatively new (10 years), so CAs are hesitant to adopt it right now. https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signatu...

From this discussion thread:

PKI - Public Key Infrastructure - The general term for a network of public keys. The PKI used by browsers is their list of trusted CAs plus any certificates from websites that are signed by those CAs (or chained to the CA through an intermediate). https://en.wikipedia.org/wiki/Public_key_infrastructure

DV, OV, EV - Domain Validation, Organization Validation, Extended Validation - These are different levels of audits done by CAs before they sign a certificate for a website. DV just checks that you have control over that domain (this is the only thing Let's Encrypt will do), OV checks that you are the organization you claim to be (usually by calling you), and EV does a lot more checking around to make sure that your organization is real and you are running the website (this is the level that gives you a green bar in your URL). https://www.globalsign.com/en/ssl-information-center/types-o...

S/MIME - Secure/Multipurpose Internet Mail Extensions - A protocol for signing email with a certificate that has been signed by a CA. Most CAs have a different key pair to sign keys with for this protocol, but Let's Encrypt will only be doing DV certs, so it doesn't need one. https://en.wikipedia.org/wiki/S/MIME
