Technology

31 readers

1 users here now

This magazine is dedicated to discussions on the latest developments, trends, and innovations in the world of technology. Whether you are a tech enthusiast, a developer, or simply curious about the latest gadgets and software, this is the place for you. Here you can share your knowledge, ask questions, and engage in discussions on topics such as artificial intelligence, robotics, cloud computing, cybersecurity, and more. From the impact of technology on society to the ethical considerations of new technologies, this category covers a wide range of topics related to technology. Join the conversation and let's explore the ever-evolving world of technology together!

founded 2 years ago

Shortening the Let's Encrypt Chain of Trust (letsencrypt.org)

submitted 1 year ago by wave_walnut@kbin.social to c/tech@kbin.social

3 comments fedilink hide all child comments

When Let’s Encrypt first launched, we needed to ensure that our certificates were widely trusted. To that end, we arranged to have our intermediate certificates cross-signed by IdenTrust’s DST Root CA X3. This meant that all certificates issued by those intermediates would be trusted, even while our own ISRG Root X1 wasn’t yet. During subsequent years, our Root X1 became widely trusted on its own. Come late 2021, our cross-signed intermediates and DST Root CA X3 itself were expiring.

top 2 comments

sorted by: hot top controversial new old

[–] stu@lemmy.pit.ninja 6 points 1 year ago

Let's Encrypt is one of the best things to ever happen to the Internet. It used to be a pain in the ass and take days to get certificates for domains and set them up on a server and now you can buy a domain and deploy a functional and secure website within 15 minutes. Lowering the barrier to entry for https was a game changer. I appreciate their clear communication about their timeline for changing their signing chain. If anyone is still using an 8 year old Android phone, it's probably time for an upgrade anyway

[–] Chris_ni@kbin.social 5 points 1 year ago* (last edited 1 year ago)

A year or so ago I was doing some market analysis for work into the most widely adopted CA’s across the Internet. I found this analysis from w3techs that had LetsEncrypt at number 5, and IdenTrust at number 1 (https://w3techs.com/technologies/overview/ssl_certificate)

At the time I was pretty shocked. I’d never heard of IdenTrust, and half the internet seemed to be using LetsEncrypt… so how was this possible? It was only when I looked into it further I discovered that the vast majority of existing LetsEncrypt certificates were cross-signed by IdenTrust, so I suspect this analysis by w3techs was skewed as a result, classifying cross-signed LetsEncrypt certificates as signed by IdenTrust (as they kind of are).

It’ll be really interesting to see what happens post 2024 when the last of the cross-signed certificates expire. My expectation is that IdenTrust will plummet in that ranking and LetsEncrypt will take the top spot.

load more comments