Let's Encrypt: A Very Good Thing

December 9th, 2015Dan Yoder

Let’s Encrypt is now in public beta. I’m calling that a launch, and it’s a Very Good Thing. Let’s Encrypt is a free Certificate Authority for TLS and crucial advance for the Open Web.

An Open Web is an encrypted Web. Five years ago, that was a controversial position to take. Rent-seeking CAs inhibited adoption of TLS. Major software companies either didn’t use TLS or made it optional. Identity theft didn’t require anything more than running WireShark on your laptop at the local coffee shop.

Today, leading software companies require TLS. And, as of last Thursday, getting a TLS certificate no longer requires paying some company to basically generate a random key for you. But that’s really just the beginning of the goodness.

Backed By EFF

For one thing, EFF and Mozilla are two of the major sponsors. Given the grief we give Facebook about their attempts to hijack the Open Web, we’d be remiss if we didn’t also give them credit when they do the right thing. They’re now an LE Gold Sponsor, which is awesome, and, just for today, because I’m in such an awesome mood, I won’t even try to impugn their motives for doing so. One flaw in the Certificate Authority (CA) model is that law enforcement agencies could somehow backdoor certificates. But if you know anything at all about the EFF, you know that LE will be, by far, the CA most prepared to deal with pressure from law enforcement agencies, and the least likely to buckle to it. After all, the EFF is one of the world’s leading advocates for Internet privacy, and a pioneer in fighting for our right to use strong encryption. This is the same reasoning behind our faith in the NaCl crypto library, but that’s another story.

The ACME Protocol

Perhaps we shouldn’t have CAs at all? While I agree with this in spirit, the fact is, the way TLS works today requires them. In this light, LE is a huge improvement over what we had. And it’s possible that LE is a Trojan Horse for doing away with CAs entirely.

If LE is going to backdoor anything, it will be the authentication mechanism. After all, authentication is still useful. When I’m talking to my bank, I want to make sure it’s really my bank and not an attacker. LE uses an IETF protocol, called ACME, to automate this process. This isn’t, in principle, different than the way GPG works. In theory, down the road, LE could migrate to a distributed consensus model (think Bitcoin and the blockchain) for signature verification. I’m not suggesting this is in their roadmap (it isn’t, as far as I can discern), but it’s a step in that direction, regardless.

Are DV Certs Enough?

On the other end of the spectrum, some people claim LE can’t replace toll-collecting CAs because they only provide domain verification (DV). In practice, this means that the browser only knows that the certificate is for the domain (say, pandastrike.com), as opposed to an organization (Panda Strike, LLC). Browsers convey the degree of trust in the URL bar. If you want people to be certain your domain hasn’t been hijacked, you need more than a DV cert.

The rent-seekers out there would love for everyone to think this is a big deal. But, frankly, if my bank’s domain got hijacked, we’ve got bigger problems than potential man-in-the-middle attacks. And whose to say the CAs themselves can’t be hijacked or compromised? The weakest link in the chain probably isn’t the bank, it’s the CA. Everything beyond DV certs is security theater.

So Let’s Encrypt!

All in all, we’re pretty excited about LE. To have a CA that is not only free, but backed by an organization as credible as the EFF, is as good as the current system could get. And just maybe, LE, and the ACME protocol it employs, opens the door for new authentication models that can displace the current CA system. We’ll be using LE whenever we can going forward, and you should too. You can even say thank you if you want.