HTTPS Everywhere: Encryption for All WordPress.com Sites
- 
 The Letβs Encrypt project gave us an efficient and automated way to provide SSL certificates for a large number of domains. We launched the first batch of certificates in January 2016 and immediately started working with Letβs Encrypt to make the process smoother for our massive and growing list of domains. 
- 
 @tonyshowoff Let's Encrypt is completely free. 
- 
 @aaronstuder said: @tonyshowoff Let's Encrypt is completely free. Without Microsoft support and recognition of it, it's completely useless from a business perspective, and maybe even a regular person perspective, considering red WARNING!!!! doesn't go over well. I like the idea of Let's Encrypt, the idea that SSL certs require money for signing due to "insurance" is a total lie and it's a way to print money. Any proof an SSL certificate has failed? No, only underlying protocols and software. All that money Versign and the other monsters collect to send out 25kb of data is a scam, and it's no surprise the first browser to start claiming self-signed certificates were inherently dangerous was IE. 
- 
 @tonyshowoff What are you talking about? Let's Encrypt doesn't cause any warnings. I have tons of sites running LE with no warnings... 
- 
 @aaronstuder said: @tonyshowoff What are you talking about? Let's Encrypt doesn't cause any warnings. I have tons of sites running LE with no warnings... Do you have an example of a web site using it? 
- 
 
- 
 @aaronstuder said: @tonyshowoff said: Do you have an example of a web site using it? Sure. https://letsencrypt.org/ That's issued by IdenTrust and is a part of the same certificate authority, I'm talking about one issued by letsencrypt themselves, as a part of that chain, not their parent, unless of course that's how it works. 
- 
 
- 
 @aaronstuder Thank you  
- 
 
- 
 @aaronstuder said: @tonyshowoff said: @aaronstuder Thank you  Any warnings? No, not in Chrome, IE, Opera, or Firefox (as presumed). This is great! But my criticism above stands when it comes to independent authorities and my criticism of the sign-monster coming on board in the first place without a free option available back then. I really hope this makes a big dent in the absolute scam that is the signed certificate industry. The only criticism I do have is that they do not support wild card and apparently don't plan to anytime soon, according to community posts I found (granted from months ago). Until wildcard is supported, Versign, Thawt, etc will continue to just exploit the hell out of people. Having said that, this is a great start. There was that one SSL service which provided "free" SSL for years now, but it's a pain in the ass to setup, and their site basically wants you to be an expert to avoid having to pay. Great start, wonderful  
- 
 @tonyshowoff I agree. Wildcard support would be excellent, but the price is right  Remember that you can generate more then one. (domain.com, mail.domain.com, owncloud.domain.com, etc) Remember that you can generate more then one. (domain.com, mail.domain.com, owncloud.domain.com, etc)
- 
 @aaronstuder said: @tonyshowoff I agree. Wildcard support would be excellent, but the price is right  Remember that you can generate more then one. (domain.com, mail.domain.com, owncloud.domain.com, etc) Remember that you can generate more then one. (domain.com, mail.domain.com, owncloud.domain.com, etc)Indeed, like I said, great start, if nothing else hopefully it will cause the prices in wildcards to drop due to fears of people leaving their current issuers. 
- 
 The problem with free is someone has to pay for the servers that support it. I'm really glad that the EFF has decided to do Let's Encrypt - something that took them well over a year after they first announced it before it was working. To boot strap themselves, they have their root certificate signed by someone that most if not all browsers already trusted until they get their own root cert accepted by most if not all browsers directly. 
- 
 @Dashrender said: The problem with free is someone has to pay for the servers that support it. I'm really glad that the EFF has decided to do Let's Encrypt - something that took them well over a year after they first announced it before it was working. It's not that expensive though overall. The cost of servers and bandwidth is lower than ever (and will continue to drop, as per Moore's Law and the bandwidth equivalent). Issuers rarely ever use this as a point for arguing the costs, they claim it's for the insurance in case of certificate failure. Of course, this is total nonsense, it's not the certificates which fail, it's the protocols/software/etc and those are not included in their "insurance" policies. Versign, Thawt, etc have collected tens of billions of dollars in fees for something that would cost several thousand a year to host, but how much have they given out in insurance? I know of none at all in the last 20 years. They know this, so it's why the entry into it is so high to become an authority. Basically all the arguments they use are the same ones the early registrars used for their pricing. And as we know now, the cost of a domain is extremely tiny and chaos did not ensure when prices dropped, aside from the lack of rules regarding squatters. 
- 
 Frankly, I'm frustrated that ICANN has allows so many registrars and SSL cert providers. There are over 1400 CAs trusted by Windows in 2010. Any one of those CAs can be compromised and their root cert used to sign fake certs for any site on the internet, instantly having Windows trust those certs. The whole security model on the internet is just broken. We don't have secure DNS or reliable Certificate Pinning. 
- 
 @Dashrender said: Frankly, I'm frustrated that ICANN has allows so many registrars and SSL cert providers. There are over 1400 CAs trusted by Windows in 2010. Any one of those CAs can be compromised and their root cert used to sign fake certs for any site on the internet, instantly having Windows trust those certs. The whole security model on the internet is just broken. We don't have secure DNS or reliable Certificate Pinning. It would be a monopoly if they didn't make it basically open. Or monopoly-ish. Not an open market. 
- 
 @Dashrender said: The whole security model on the internet is just broken. We don't have secure DNS or reliable Certificate Pinning. The Internet doesn't have a security model. 
- 
 @scottalanmiller said: @Dashrender said: Frankly, I'm frustrated that ICANN has allows so many registrars and SSL cert providers. There are over 1400 CAs trusted by Windows in 2010. Any one of those CAs can be compromised and their root cert used to sign fake certs for any site on the internet, instantly having Windows trust those certs. The whole security model on the internet is just broken. We don't have secure DNS or reliable Certificate Pinning. It would be a monopoly if they didn't make it basically open. Or monopoly-ish. Not an open market. Frankly, in this case, a monopoly, like you want for healthcare, seems like the better play. The fees should either be free or extremely low, only enough to handle the costs of administration and hardware required. 
- 
 @Dashrender said: @scottalanmiller said: @Dashrender said: Frankly, I'm frustrated that ICANN has allows so many registrars and SSL cert providers. There are over 1400 CAs trusted by Windows in 2010. Any one of those CAs can be compromised and their root cert used to sign fake certs for any site on the internet, instantly having Windows trust those certs. The whole security model on the internet is just broken. We don't have secure DNS or reliable Certificate Pinning. It would be a monopoly if they didn't make it basically open. Or monopoly-ish. Not an open market. Frankly, in this case, a monopoly, like you want for healthcare, seems like the better play. The fees should either be free or extremely low, only enough to handle the costs of administration and hardware required. Universal coverage does not imply monopolistic treatment. Further, most countries with universal health coverage also have private systems too. 


