Hello web-admins, enthusiasts and geeks like me! : Introductions


#21

Hello everyone.
I am Raghav from India. I am a student and been in the field of web development from ~3 years. Been in touch with this project since the beginning. Its a great project and I am waiting to get hands on first certificate so as to use it on all the websites I am currently working on. It is really a good options for beginners and the whole idea is awesome.


#22

Renan Prasta Jenie, from Bogor, Indonesia. :smile:

I am both a Software Engineer and Human Nutrition Student, and came to here “by chance”, looking up for free SSL for my personal “belongings”. ::stuck_out_tongue:

I am a newb at internet technology, so for most of the time, I shall be a silent reader, sorry.


#23

Hey folks, I am an retired IBM Enterprise IT Architect (40+ years) currently training in Big Data Analytics @ Emory and refreshing programming skills @ Gwinnett Tech in GA, US.

I have followed this arena for years, even back in the days when personal certificates could be obtained from commercial CA for little or no cost.

I have recently renewed my focus on this arena given the raging epidemic of security breaches and the theft of PI / SPI data from the mind numbing list of enterprises WW.

I had reviewed the commercial offerings and CACert and was not satisfied with the cost of the former and the lack of Audit posture / loss of CA status that CACert has experienced over the last 2-4 years.

I am eagerly awaiting LE’s go-live AND I urge my peers to DONATE 10 or 20 bucks (come on, most of us could skip a lunch or two and maybe lose a couple of pounds) to support this effort: we all desperately need greater security and this is the best effort i have seen to date.

I hope that LE will issue certificates of at least 256 bit strength.

I also feel that any LE needs to be aggressive in it’s standards for issuing certificates to enterprise domains (or personal domains for that matter). MV certificates are relatively worthless in terms of protecting the end users. I feel that LE needs to insist on OV verification at full TLS 1.2 compliance for enterprise domains to be recognized and issued a certificate by LE. Personal domains are harder, but maybe some of the existing system “health check” software could be provided and required as part of the process to obtain a personal domain certificate.

Relying on sys admins (NO OFFENSE intended to the 80% of sys admin pros who strive to ensure integrity of their servers) to say “sure - my server is properly and aggressively protected” is simply not working as evinced by the 70% enterprise breach statistics (I know, much of that happens externally to servers).

I also feel that LE needs to provide some validation tool for individuals requesting certificates. Having a certificate is relatively useless if an end users OS and/or browser has gaping holes. While LE cannot, of course, ensure that end users rigorously apply OS and browser updates AFTER they have received their certificate, they COULD help this immensely before issuing by: validating the currency of the major browsers, checking the status of OS updates (i.e. recently), AND by asking for permission and setting the supported levels of SSL and TLS in browsers appropriately (at min. SSL 1.0 and 2.0 and TLS 1.0 disabled) PRIOR to accepting a request for a certificate. Yes, I know that would mean that sites (probably many) that “support encryption” would start to fail connection request… BUT those sites are ALREADY egregiously open to attack and compromise of the PI / SPI of end users visiting them… I personally would WANT that connection request to fail as an end user.

I am constantly STUNNED at the number of sites that have STILL not converted to HTTPS. Given where we are today in terms of Cybercrime I feel that aggressive actions not not only warranted, they are mandatory. I know that many folks would disagree, but somewhere / sometime this HAS TO happen, and I think that LE could help drive this by “setting the bar”.

Dan


#24

Hi,

I’m Jenny. I’m a tek and I’m French. I just discovered your GREAT work !

I took some notes, translated in french, on my blog.
I sent the link to several ex-coworkers (working for Geodis, who store a lot of certificates), and on twitter too, trying to push froggies to have a look…

Pour les francais qui ont du mal à lire l’anglais, j’ai traduit pas mal de truc sur mon blog => contactez-moi pour avoir le lien :smile:

Thanks


#25

Hello everyone,

I’m Zwetan based in France
let’s say I’m half programmer half sysadmin but also an open source dev

I’m mainly working on a project named redtamarin which I’m moving to the server side and decided that it would be good to have SSL enabled by default everywhere.

All the best to Let’s Encrypt!!


#26

Hi All,

My name is Tom, and I am currently admining a small web farm of mixed Linux and IIS servers sharing http/s, sftp and ssrs reports that suffers from years of poorly applied wildcard certs, as a beautiful grove of trees suffers from an infestation of creeping vines. Watching this project over the past several months, I can only say how happy I am to see how much progress has been made. It is almost too good to be true :slight_smile:

Last week I asked our CA how much 200 individual certs would be. Answer: $33k for 3 years!

Love the stuff you all are doing, and I will try and help with an IIS test implementation soon.

@Dan - Couldn’t agree more! It’s a tough sell, and I’m consistently amazed at having to repeatedly promote/evangelize the idea of proper security with no sign off from ‘leadership’.


#27

By the way, I will advise you to issue those as 4 certificates of 50 names each. Otherwise you might hit the ratelimits. And make sure to use the staging server until you’ve got your scripts working.


#28

Thanks riking! That is great advice and I will take it to heart while planning.


#30