Let's Encrypt Free Certificate's Success Challenges SSL/TLS Industry
"The CASC supports the goal of encrypting all Internet traffic, and recognizes Let's Encrypt's efforts to that end," Dean Coclin, senior director, business development, Symantec, told eWEEK. Coclin noted that although DV certificates provide encryption and are perfectly fine for a variety of uses, no authentication of the certificate requestor is performed. "Hence DV certificates should not be used for financial applications or anywhere that PII (personally identifiable information) data is provided," Coclin said. Let's Encrypt's Aas did not disagree that there are shortcomings with DV certificates and the CA (Certificate Authority) system in general, but he emphasized that the system can do a lot to protect people. In his view, most sites should have moved to encryption by default on the Web years ago.DigiCert, which is a leading CA, also sees Let's Encrypt in a somewhat positive light. Flavio Martins, vice president of operations at DigiCert, commented that for Websites that are not commercial in nature, where personally identifiable or financial data is not exchanged, strong assertions of identity, such as those found in Extended Validation (EV) certificates, are not as critical. DigiCert sells and manages Organization Validated (OV) and Extended Validation (EV) certificates, both of which require the Website owner to provide information that can help to verify trust and authenticity, before a certificate is issued. Martins noted that from what he has seen in the Let's Encrypt community, many individuals are looking for encryption for personal sites or non-commercial projects. For the Web operators using SSL/TLS certificates for these types of sites, encryption enhances online privacy in making sure that data is no longer flowing in clear text across the Web. "Let's Encrypt is having a positive impact with these sites in advancing encryption everywhere, and we certainly think that increasing the use of encryption on the web is a positive step," Martins told eWEEK. The goal of having encryption more broadly adopted on the Web, with the use of secured HTTPS Everywhere is at the heart of Let's Encrypt mission. Aas noted that, according to statistics from Mozilla, in December 2015, 40 percent of Websites and 65 percent of transactions used HTTPS. "We want to see those numbers go to 100 percent—that's our bottom line," Aas said. "It's what we really care about. Everything we do supports us in reaching this goal." Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist
"Working with the existing system is the only way we're going to encrypt the entire web now," Aas said. "We can't afford to wait another decade plus for an improved solution to replace the CA system."