How secure is the LetsEncrypt CA architecture?

Hi, I am considering the use of LetsEncrypt and have a couple of questions:

How secure is the LetsEncrypt CA architecture? More specifically:

  1. What are the technical and administrative security measures in place to protect the root certificate (1) when it was created, and (2) on an on-going basis?
  2. Have you had an security assurance audit or review performed by an independent third party?
2 Likes

Hi there,

  1. Let's Encrypt complies with the CA/Browser Forum's Baseline Requirements and Network Security Requirements, which are required of all publicly trusted CAs. There's a great depth of possible detail about that compliance, and other security measures that go beyond those requirements; hopefully this is a useful starting point.

  2. Yes. The Policy and Legal Repository has a lot of detailed information about this, including copies of audit reports.

8 Likes

Let's Encrypt also gives some fun details about their operations in their blog and annual report, if you're looking for specifics on their HSMs, database servers, and other infrastructure.

Let's Encrypt is also an industry leader in checking for domain ownership from multiple vantage points before issuing a certificate.

So in terms of technical infrastructure and architecture, I think Let's Encrypt is at least as capable as any other CA.

6 Likes

One of the things that keeps Let's Encrypt secure is a choice of practice, not required by the CA/B BRs or by root store policies, and therefore all the more praiseworthy.

Whenever possible Let's Encrypt chooses to simply use their existing fully automatic issuance architecture for everything. That is, to get themselves a certificate (say, to test something) they use the same means you would. Since this architecture is protected against deliberate attacks by bad guys, it will inevitably also prevent many mere accidents that could arise if Let's Encrypt staff were to issue things using a custom process. We know that at some public CAs (including some which are still trusted today) there have been incidents where, without malice, a misissuance happened because staff missed a check that would have been mandatory for the general public.

For example, CAs are expected to provide Mozilla with an example of a web site with an expired certificate. Lots of CAs would just bypass their automation and mint a certificate with a very short lifespan, or even tweak the dates on it so that it appeared to have been issued and already expired in the past, but Let's Encrypt specifically didn't do that. They obtained a certificate just like anybody can from their CA, and then they waited until it expired naturally.

5 Likes