2018 Certificate Growth: Let’s Encrypt and Beyond

January 5, 2018 | Eva Hanscom

2017 was an incredible year for web encryption, and the Let’s Encrypt program was a clear leader in this progress.

As Josh Aas, executive director for the Internet Security Research Group, recently wrote on the Let’s Encrypt blog: “[In 2017, We] more than doubled the number of active (unexpired) certificates we service to 46 million, we just about tripled the number of unique domains we service to 61 million… Most importantly though, the Web went from 46% encrypted page loads to 67% according to statistics from Mozilla - a gain of 21 percentage points in a single year.”

Encryption is clearly a valuable asset for many organizations and individuals. But its popularity has also made it a lucrative tool for cyber criminals, who use encryption to mask malicious behavior.

Last year, a report from Zscaler revealed that 54% of the threats blocked by their product line hid in SSL traffic. Plus, the cloud security company counted 600,000 malicious activities using SSL per day. In addition, an A10 Networks report revealed that roughly 41% of cyber attacks used encryption to evade detection. Now, it’s grown to over half.

Let’s Encrypt recently discussed their initiatives for the new year. However, as we enter 2018, it’s important that we promote encryption and understand its weaknesses at the same time. “It’s commendable how far Let’s Encrypt has come,” said Hari Nair, director of product management for Venafi. “They are well and truly on the way to fulfilling their mission: encrypting the web.”

Nair offered his insights into Let’s Encrypt’s 2018 positions. Overall, he is pleased with their progress, but urges caution with some of the goals:

  1. ACME upgrade to version 2. “This is a good thing,” said Nair. “ACME v2 is targeted as an IETF standard, which will increase adoption. In addition, it is being developed with input from other CAs, as opposed to ACME v1, which was designed primarily for Let’s Encrypt. Overall, this will encourage other CAs to introduce themselves to ACME interfaces, leading to more certificates issued faster with some level of automation.”

    “Venafi introduced ACME in our product portfolio last year, in both our on-premises and in-cloud products. With this initiative, enterprises can leverage this soon-to-be-standard without being tied into a single CA.”
     
  2. Support for wild-carded certificates. “Let’s Encrypt has the right intentions, but I’m concerned this feature will be abused by consumers,” said Nair. “Wild-carded certificates can protect some TLS end-points and should only be used when a more secure alternative does not exist. Unfortunately, uninformed administrations can use them to revert to bad practices.”

    “Ultimately, wild-carded certificates are a high value target for malicious actors, especially when they are not secured properly within hardware security modules (HSMs). As such, I’m not particularly comfortable with this goal from Let’s Encrypt.”
     
  3. The move to support full (end-to-end) ECDSA. “This is a fine position,” said Nair. “But, I doubt it will lead to any large-scale adoption of ECC. The reality is that ECC is arguably just as susceptible to quantum computing attacks as RSA. However, it may help with adoption of public key cryptography in resource-constrained environments, like IoT devices.”

“Overall, Let’s Encrypt’s success accelerates the commoditization of certificates,” concluded Nair. “Both Venafi and Let’s Encrypt place immense value in the protection of machine identities. I’m looking forward to what the next year brings.”

What are your encryption initiatives in 2018?

About the author

Eva Hanscom

Eva Hanscom writes for Venafi's blog and is an expert in machine identity protection.
