Date: 2017-06-29

THE SECURITY AWARE Let's Encrypt certificate authority has issued one hundred million digital certificates, but cannot say if they are all in use.

Let's Encrypt was set up by the Electronic Frontier Foundation, Mozilla, the University of Michigan, Cisco and Akamai in an attempt to encourage HTTPS connections.

"Free certificates from Let's Encrypt allow web sites to offer secure HTTPS connections to their users, protecting the privacy and security of those connections against many network-based threats," explained the EFF.

"EFF continues to help develop the Boulder software that Let's Encrypt uses internally, as well as Certbot, Let's Encrypt's recommended software for obtaining and installing certificates on web servers."

The 100 million figure is a landmark, but it does not mean that there are 100 million websites with a Let's Encrypt certificate; the EFF reckons that the number is closer to 50 million.

"For various reasons, the hundred-million mark does not mean that a hundred million different sites use Let's Encrypt certificates. It's hard to say with certainty whether Let's Encrypt has issued the largest number of certificates because CAs are not currently required to disclose the certificates they issue, but Let's Encrypt does so voluntarily," it added.

"And the number of sites protected by Let's Encrypt will continue to grow rapidly as more and more hosting providers and server software offer convenient Let's Encrypt support to help bring HTTPS to sites that didn't have it before. We're extremely proud of the contribution that we've made and continue to make in making the web safer for its users."

Things haven't always gone swimmingly and last year we reported that Let's Encrypt had issued 15,000 SSL certificates to PayPal phishing sites, according to research from The SSL Store.

Ilia Kolochenko, CEO of web security company High-Tech Bridge, said then that Let's Encrypt does a good thing, but should have expected that phishing bastards would come along to ruin everything for everyone.

"[Let's Encrypt] should implement at least some basic security verifications, such as refusing SSL certificates for domains that contain popular brand names inside," he said. µ