Re: [Blog] Progress Towards 100% HTTPS, June 2016

It’s nice to have lofty goals to reach for. But it is pointless, even counterproductive, to have unobtainable goals.

I have trouble taking this seriously as an obtainable goal. I see it as downright ignoring reality and practicality. 100% HTTPS is far bigger than Let’s Encrypt. It involves all CAs, maybe would even require worldwide, government-enforced mandates.

Is Let’s Encrypt seriously going to take this on?

What are the foreseeable obstacles to achieving this very lofty goal of 100% HTTPS?

What actions will Let’s Encrypt undertake to remove and overcome those obstacles?

The 100% HTTPS goal stated by this blog post seems to simply ignore reality.
“Our goal with Let’s Encrypt is to get the Web to 100% HTTPS.”

Progress Towards 100% HTTPS, June 2016
Jun 22, 2016 • Josh Aas, ISRG Executive Director

Well, I think that LE alone won't make 100% HTTPS possible, but LE certainly gives people a motivation to use HTTPS by issuing free certs.

I certainly don't believe LE is practical enough for 100% HTTPS (90-day life, no wildcard, the usual stuff), but I think they can certainly SET A PATH TOWARDS 100% HTTPS and, by extension, 100% TLS.

1 Like

That or browser-enforced mandates.

https://www.chromium.org/Home/chromium-security/marking-http-as-non-secure

It's certainly not unobtainable. In the past two years Wikipedia, Netflix, Reddit, Amazon, the Washington Post and countless other sites have moved to HTTPS by default. The job of Let's Encrypt is to make this possible for small sites, mainly by encouraging web hosting companies to offer it to their customers as a one-click option. CloudFlare, WordPress.com, DreamHost and many other services already offer such options, with the first two enabling it by default.

Let's Encrypt's existence and being available is a start. They never did mention a time frame to achieve this, so over time, yes, working towards 100% HTTPS is a goal. Most of Let's Encrypt's SSL certs are being issued to folks who never had HTTPS before (https://community.centminmod.com/threads/ssl-certificate-authorities-usage-trend-statistics.7774/), so it's certainly moving in that direction if you take into account all CA SSL cert providers' continued growth in the HTTPS/SSL market share trends.

w3techs.com: over the past 14 months, ~+5% growth combined from all CA SSL providers.

Look at all the spawned Let's Encrypt clients already (ACME Client Implementations - Let's Encrypt). Over time these will mature and attract more folks, and I'll be doing my part (https://centminmod.com/acmetool), though my focus is more on performance/speed via HTTP/2 and related technologies like Brotli compression, etc.

If you have trouble taking 100% encrypted web seriously then you don’t really understand technology, do you? You need to expand the scope of your perspective. When the internet began there was no such thing as encryption for any of its protocols. Now, only a few decades later, encryption is commonplace for most internet protocols. Progress is part of technology. There are always people like Let’s Encrypt (and I’d like to say, ‘me’) who are pushing for the next great step.

100% HTTPS is not a lofty goal, it’s an inevitability. Let’s Encrypt is a huge step in making it happen sooner rather than later. As people begin to learn how the internet works in greater numbers, and when people begin to understand what a “man in the middle” attack is, and when people understand their traffic can be sniffed like reading a book by anyone connected to the same Wi-Fi as they are, using freely available, user-friendly, automated ARP-poisoning applications, then people will demand encryption from service providers. 100% of serious online businesses are already offering encryption. The only ones straggling behind are people who don’t understand the technology, and haven’t hired someone to understand it for them.

The difference between independently successful people and bottom-feeders is that the successful people step up to the plate when there are challenges to be solved.

In fact I’d say Let’s Encrypt is the final nail in the coffin of plaintext web traffic. The next big hurdle is going to be 100% encrypted email, and it is coming. The NSA’s intrusions have forced it to come sooner. Projects like https://protonmail.com and https://keybase.io and others like them are going to make these things happen. It’s an exciting time to be alive.

4 Likes
