“Let's Encrypt”, which can issue SSL certificates for free, has doubled the percentage of “websites protected by encryption” on the Internet in about 4 years


There is a lot of information on the Internet, but at the same time, information such as “what you viewed” and “what you purchased” on the Internet may leak via the network. To prevent this, it is important to encrypt communication so that its contents cannot be read even if it is intercepted. To spread such encryption to websites across the Internet, attempts are being made to offer, free of charge, services that normally cost money.

“HTTPS” is a communication protocol that makes Internet communication more secure by encrypting communication with the countless websites on the Internet. For communication via HTTPS, the web browser that displays the website needs to receive an SSL server certificate from the web server, and it must check which certificate authority (CA) has certified the site.

“Let's Encrypt” is a service that secures websites around the world by issuing such SSL server certificates for free. Let's Encrypt is a project started by J. Alex Halderman, a professor of computer science and engineering at the University of Michigan.

It has become clear that Let's Encrypt succeeded in rapidly increasing the ratio of “websites protected by encryption through HTTPS support” from 40% to 80% in the three and a half years since 2016, when the official service started.

Let's Encrypt is a service that aims to reduce the cost and complexity of implementing HTTPS to simple steps that are accessible to all websites by issuing certificates for free. Let's Encrypt is the largest CA in the world at the time of writing, and has already issued more certificates than the SSL server certificates issued by all other CAs.


Mr. Halderman, the founder of Let's Encrypt, described how the project started: “When HTTPS was invented in the 1990s, it was thought that HTTPS would be used primarily for credit card transactions and online banking. However, the Internet has evolved into a much more dangerous place since the 1990s, and Edward Snowden's leaks have shown that the government is monitoring traffic globally. Governments have altered Internet traffic, attacked users' computers, and attacked third parties via those computers, so today it is necessary to encrypt not only financial transactions but all online communications. To realize the encryption of all communication, it is important that website operators have access to a CA, and Let's Encrypt is doing just that. Even for small websites, where traditional processes make it difficult to obtain an SSL server certificate, using Let's Encrypt makes it easy to implement HTTPS.”

Furthermore, Halderman explains why it is difficult for all websites to adopt HTTPS using the conventional method: “The website operator had to choose a CA, pay tens of thousands of yen for the issuance of an SSL server certificate, and, once the certificate was issued, install it in a complicated way.” With a normal CA, this process must be repeated once or twice a year, and if it is not performed within the set period, the website may shut down. As a result, small websites remained without HTTPS support. With Let's Encrypt, however, SSL server certificates can be issued free of charge and with a single click, and installation of certificates on websites is automated, making HTTPS very easy to implement.

In addition, regarding why Let's Encrypt can issue SSL server certificates for free, Mr. Halderman said that “most of the operating funds are covered by donations from large high-tech companies.” He pointed out that ordinary CAs and the like find it difficult to automate various processes because they charge for the issuance of SSL server certificates, and he writes that providing the service as a social contribution rather than as a business is one of the factors in its success.

Halderman said, “By completely eliminating the friction associated with the issuance of SSL server certificates and their payment, the certificate issuance process is much easier. After the process was simplified, ACME (Automatic Certificate Management Environment), the certificate issuance automation protocol, made it possible to automate the process, and ACME has contributed significantly to reducing the cost of each certificate encryption problem.”

In addition, Mr. Halderman published the first paper on Let's Encrypt only in November 2019, about four years after the official start of Let's Encrypt. As for the reason, he said: “It was a strange idea to create a new kind of CA that offered free SSL server certificates. So if we had been writing a paper before we started Let's Encrypt, we would have had to prove that the economics worked well with Let's Encrypt. Four years later, Let's Encrypt has been so successful that we are finally able to publish a paper that looks back on it and measures the impact on the web.”

In addition, as one of the reasons why Let's Encrypt worked, Halderman cites that “it was not a product by one large high-tech company, but a service by a neutral organization that worked for the public interest.” Because it was a service launched by neutral people, everyone could rely on Let's Encrypt, and any company could use it without having to consider the interests involved.

In addition, Mr. Halderman cited “Internet Service Providers (ISPs)” as an area with the potential for success when, as with Let's Encrypt, “a neutral organization offers a service that simplifies the encryption process.” ISPs use a routing protocol that transfers information over the Internet, but the process itself is not encrypted and is susceptible to external attacks. Therefore, if a neutral organization can provide an encryption process using a model such as Let's Encrypt, it may be possible to provide a service that will benefit the public.

