
2018 Certificate Growth: Let’s Encrypt and Beyond

January 5, 2018 | Emil Hanscom

2017 was an incredible year for web encryption and the Let’s Encrypt program was a clear leader in this progress.

As Josh Aas, executive director for the Internet Security Research Group, recently wrote on the Let’s Encrypt blog: “[In 2017, We] more than doubled the number of active (unexpired) certificates we service to 46 million, we just about tripled the number of unique domains we service to 61 million… Most importantly though, the Web went from 46% encrypted page loads to 67% according to statistics from Mozilla - a gain of 21 percentage points in a single year.”

Encryption is clearly a valuable asset for many organizations and individuals. But its popularity has also made it a lucrative tool for cyber criminals, who use encryption to mask malicious behavior.


Last year, a report from Zscaler revealed that 54% of the threats blocked by their product line hid in SSL traffic. Plus, the cloud security company counted 600,000 malicious activities using SSL per day. In addition, an A10 Networks report revealed that roughly 41% of cyber attacks used encryption to evade detection. Now, it’s grown to over half.

Let’s Encrypt recently discussed their initiatives for the new year. However, as we enter 2018, it’s important we promote encryption and understand its weaknesses at the same time. “It’s commendable how far Let’s Encrypt has come,” said Hari Nair, director of product management for Venafi. “They are well and truly on the way to fulfilling their mission: encrypting the web.”

Nair offered his insights into Let’s Encrypt’s 2018 positions. Overall, he is pleased with their progress, but urges caution with some of the goals:

  1. ACME upgrade to version 2. “This is a good thing,” said Nair. “ACME v2 is targeted as an IETF standard, which will increase adoption. In addition, it is being developed with input from other CAs, as opposed to ACME v1, which was designed primarily for Let’s Encrypt. Overall, this will encourage other CAs to introduce themselves to ACME interfaces, leading to more certificates issued faster with some level of automation.”

    “Venafi introduced ACME in our product portfolio last year, in both our on-premises and in-cloud products. With this initiative, enterprises can leverage this soon-to-be-standard without being tied into a single CA.”
  2. Support for wild-carded certificates. “Let’s Encrypt has the right intentions, but I’m concerned this feature will be abused by consumers,” said Nair. “Wild-carded certificates can protect some TLS end-points and should only be used when a more secure alternative does not exist. Unfortunately, uninformed administrations can use them to revert to bad practices.”

    “Ultimately, wild-carded certificates are a high value target for malicious actors, especially when they are not secured properly within hardware security modules (HSMs). As such, I’m not particularly comfortable with this goal from Let’s Encrypt.”
  3. The move to support full (end-to-end) ECDSA. “This is a fine position,” said Nair. “But, I doubt it will lead to any large-scale adoption of ECC. The reality is that ECC is arguably just as susceptible to quantum computing attacks as RSA. However, it may help with adoption of public key cryptography in resource-constrained environments, like IoT devices.”

“Overall, Let’s Encrypt’s success accelerates the commoditization of certificates,” concluded Nair. “Both Venafi and Let’s Encrypt place immense value in the management of machine identities. I’m looking forward to what the next year brings.”

What are your encryption initiatives in 2018?

About the author

Emil Hanscom

Emil is the Public Relations Manager at Venafi. Passionate about educating the global marketplace about infosec and machine-identity issues, they have consistently grown Venafi's global news coverage year over year.
