A Note from our Executive Director
letsencrypt.org
This letter was originally published in our 2024 Annual Report. The past year at ISRG has been a great one and I couldn’t be more proud of our staff, community, funders, and other partners that made it happen. Let’s Encrypt continues to thrive, serving more websites around the world than ever before with excellent security and stability. Our understanding of what it will take to make more privacy-preserving metrics more mainstream via our Divvi Up project is evolving in important ways.

Our longstanding offering won’t fundamentally change next year, but we are going to introduce a new offering that’s a big shift from anything we’ve done before - short-lived certificates. Specifically, certificates with a lifetime of six days. This is a big upgrade for the security of the TLS ecosystem because it minimizes exposure time during a key compromise event.

  • Em Adespoton@lemmy.ca
    3·
    2 days ago

    So is this specifically for less trusted transition certs, to provide encryption when the old cert is known to be compromised and the new cert isn’t fully deployed yet?

    • Scipitie@lemmy.dbzer0.com
      4·
      2 days ago

      Interested amateur disclaimer!

      Fast rotating certificates always more secure because the timeframe between beach discovery and system inherent revoke is shorter.

      How big the impact in terms of real life is I can’t even guess because of the (from my perspective) weird circumstances they must happen to depend on the certificate lifetime itself.

      I guess it’s just one of these “every but helps” factors more than specific use cases.