Just saw this, though I think it might have been out for a few weeks now:
Some tidbits that I found interesting:
- All of ISRG is just 27 staff (three of whom are named Sarah).
- "Collectively, we [at ISRG] operate three impactful and growing projects for $7 million a year." which is just really amazing considering what they're doing.
- And only 41% of their expenses are for Let's Encrypt.
- The scale of Let's Encrypt is up to 3 MILLION certificates issued PER DAY!
- "Across the top 1,400 most used TLDs, 50.2% of domains use a cert from Let's Encrypt"
- The oft-neglected
key-changeendpoint has 100% uptime! - Though even
finalizeis 99.95%, which isn't shabby in the slightest. - The engineers have done a lot of that "nobody else should notice" work, of reworking how they scale VMs and how they sign OCSP, in addition to the "new feature" work of CAA account binding and the ARI draft work.
- The CT log software they're using just isn't good enough, so they're planning on rewriting their own CT log software since of course that's what they need to do for their scale. (Honestly, to me running a CT log seems so expensive and complicated, with such tight constraints, that I don't know why any organization would sign up to do it unless it's a nonprofit like ISRG that's working really hard to try to make the system work.)
- Plus there's a bunch of awesome stuff that Prossimo and Divvy Up are doing too.
I just wanted to applaud all the people at ISRG for all they did this year, and send best wishes for a successful and healthy 2024!
