<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
  <channel>
    <title>Internet Security Research Group</title>
    <link>https://www.abetterinternet.org/</link>
    <description>ISRG’s mission is to reduce financial, technological, and educational barriers to secure communication over the Internet.</description>
    <language>en</language>
    <lastBuildDate>Wed, 11 Feb 2026 00:00:00 +0000</lastBuildDate>
    <generator>Hugo v0.148.2</generator>
    <atom:link href="https://www.abetterinternet.org/index.xml" rel="self" type="application/rss+xml" />
      <item>
        <title>Four Years of Momentum: Craig Newmark Philanthropies and the Future of Memory Safety</title>
        <link>https://www.abetterinternet.org/post/2026-craig-newmark/</link>
        <pubDate>Wed, 11 Feb 2026 00:00:00 +0000</pubDate>
        <description><![CDATA[<p>We are pleased to announce that Craig Newmark Philanthropies has renewed its support for the Internet Security Research Group (ISRG) with a $100,000 grant for 2026.</p>
<p>This marks the fourth consecutive year of support from craigslist founder Craig Newmark. As a pioneer in the &quot;Cyber Civil Defense&quot; movement and a former programmer himself, Craig has long understood that memory safety vulnerabilities are an avoidable but critical threat to cybersecurity. His early and consistent support has allowed ISRG's <a href="https://www.memorysafety.org/">Prossimo</a> project to move from research and development to real-world deployments.</p>
<h2 id="delivering-on-the-promise-of-memory-safety">Delivering on the Promise of Memory Safety</h2>
<p>When we first announced Craig's support in 2023, we were focused on building the tools. In 2024/25, we were refining them. In 2026, we are seeing them deployed at scale:</p>
<ul>
<li>
<p>sudo: Our memory-safe implementation became the default in Ubuntu in late 2025, improving security for millions of users.</p>
</li>
<li>
<p>Rustls: We continue to work with organizations that have added Rustls to their roadmap and we are seeking input from potential adopters.</p>
</li>
<li>
<p>Hickory DNS: As the world's first open-source, memory-safe, fully recursive DNS resolver, Hickory is on track for production use by mid-2026 in the Let's Encrypt infrastructure.</p>
</li>
</ul>
<h2 id="the-value-of-long-term-advocacy">The Value of Long-Term Advocacy</h2>
<p>We are grateful for Craig's continued trust as we build more resilient digital systems. This support allows our team to focus on the technical work that makes the internet fundamentally safer for everyone. We hope Craig's leadership will inspire others to consider how they can leave a legacy of making a better internet for everyone.</p>
<p>As we look ahead to 2026, we are proud to continue this work alongside those who understand the importance of protecting the internet. We are grateful for Craig's continued trust in our mission.</p>]]></description>
        <guid isPermaLink="true">https://www.abetterinternet.org/post/2026-craig-newmark/</guid>
      </item><item>
        <title>On the Importance of &#34;Hello&#34; and &#34;Thanks&#34;</title>
        <link>https://www.abetterinternet.org/post/fosdem2026/</link>
        <pubDate>Thu, 05 Feb 2026 00:00:00 +0000</pubDate>
        <description><![CDATA[<div class="card border-0 pic-quote-right">
    <img alt="The ISRG team at FOSDEM 2026" class="img-fluid" src="/images/blog/FOSDEM26-team.jpg" />
</div>
<p>In a recent conversation with a Let's Encrypt subscriber, we asked them to guess how many people work at ISRG, the nonprofit behind Let's Encrypt (and Prossimo and Divvi Up). Their guess was about 100; they'd overestimated by 72.5 people. We're a pretty small team, and we get a lot done, but most of that work is entirely remote, distributed, and automated. </p>
<p>That is a big part of what makes FOSDEM special. For the last few years, we've had a stand at this annual conference in Belgium, where a few folks from our team have the opportunity to speak directly with thousands of conference-goers. We continue to learn so much from these conversations! </p>
<p>That's where the &quot;Hello&quot; part of this blog post comes in. At this year's FOSDEM, we met so many Let's Encrypt subscribers, and each of them has a unique relationship to Let's Encrypt. We were pleasantly surprised by how many people told us they were using <a href="https://letsencrypt.org/2026/01/15/6day-and-ip-general-availability">IP-address certificates</a>, a new option we just made generally available in December. We had a lot of conversations about our plans to <a href="https://letsencrypt.org/2025/12/02/from-90-to-45">shorten certificate lifetimes</a>. There were a few folks who asked about S/MIME (<a href="https://community.letsencrypt.org/t/s-mime-certificates/153/24">still no plans to do that</a>). We invited people to continue to stay in touch by signing up for our <a href="https://www.abetterinternet.org/newsletter/">newsletter</a>. </p>
<p>The most meaningful part of FOSDEM is being able to say &quot;thank you&quot;. Our goal in starting Let's Encrypt was to improve security and privacy for people using the internet, but that could not be achieved without the now millions of folks who decided to get a certificate. Our impact is predicated on this symbiotic exchange. While we were only able to directly express our gratitude to a few thousand people at FOSDEM, it was a reminder of how important the community is.</p>]]></description>
        <guid isPermaLink="true">https://www.abetterinternet.org/post/fosdem2026/</guid>
      </item><item>
        <title>6-day and IP Address Certificates are Generally Available</title>
        <link>https://www.abetterinternet.org/post/ip-and-6day-general-availability/</link>
        <pubDate>Thu, 15 Jan 2026 00:00:00 +0000</pubDate>
        <description><![CDATA[<p>Short-lived and IP address certificates are now generally available from Let's Encrypt. These certificates are valid for 160 hours, just over six days. To get a short-lived certificate, subscribers simply need to select the 'shortlived' <a href="https://letsencrypt.org/docs/profiles/">certificate profile</a> in their ACME client.</p>
<p>Short-lived certificates improve security by requiring more frequent validation and reducing reliance on unreliable revocation mechanisms. If a certificate's private key is exposed or compromised, revocation has historically been the way to mitigate damage prior to the certificate's expiration. Unfortunately, revocation is an unreliable system, so many relying parties continue to be vulnerable until the certificate expires, a period as long as 90 days. With short-lived certificates, that vulnerability window is greatly reduced.</p>
<p>Short-lived certificates are opt-in and we have no plan to make them the default at this time. Subscribers that have fully automated their renewal process should be able to switch to short-lived certificates easily if they wish, but we understand that not everyone is in that position or generally comfortable with this significantly shorter lifetime. We hope that over time everyone moves to automated solutions and we can demonstrate that short-lived certificates work well.</p>
<p>Our default certificate lifetimes will be going from 90 days down to 45 days over the next few years, <a href="https://letsencrypt.org/2025/12/02/from-90-to-45">as previously announced</a>.</p>
<p>IP address certificates allow server operators to authenticate TLS connections to IP addresses rather than domain names. Let's Encrypt supports both IPv4 and IPv6. IP address certificates must be short-lived certificates, a decision we made because IP addresses are more transient than domain names, so validating more frequently is important. You can learn more about our IP address certificates and the use cases for them from our <a href="https://letsencrypt.org/2025/07/01/issuing-our-first-ip-address-certificate">post announcing our first IP Certificate</a>.</p>
<p>We'd like to thank the Open Technology Fund and Sovereign Tech Agency, along with our <a href="https://www.abetterinternet.org/sponsors/">Sponsors</a> and Donors, for supporting the development of this work.</p>]]></description>
        <guid isPermaLink="true">https://www.abetterinternet.org/post/ip-and-6day-general-availability/</guid>
      </item><item>
        <title>A Note from our Executive Director</title>
        <link>https://www.abetterinternet.org/post/eoy-letter-2025/</link>
        <pubDate>Mon, 29 Dec 2025 00:00:00 +0000</pubDate>
        <description><![CDATA[<div class="card border-0 pic-quote-right">
    <img alt="Josh Aas" class="mx-auto img-fluid" src="/images/blog/Josh-Aas-Headshot.jpg" />
</div>
<p>This letter was originally published in our <a href="/documents/2025-ISRG-Annual-Report.pdf">2025 Annual Report</a>.</p>
<p>This year was the 10th anniversary of Let's Encrypt. We've come a long way! Today we're serving more than 700 million websites, issuing ten million certificates on some days. Most importantly, when we started 39% of page loads on the Internet were encrypted. Today, in many parts of the world, over 95% of all page loads are encrypted. We can't claim all the credit for that, but we're proud of the leading role we played. Being able to help ISRG and Let's Encrypt get to where we are today has been the opportunity of a lifetime for me.</p>
<p>There's more I could talk about from the past ten years, but this 10th year was about as good as any before it so I want to focus on our most recent work. I'll get the headline for 2025 out right away: over the past year we went from serving 492 million websites to 762 million. That's a 50% increase in a single year, equivalent to the growth we saw over our first six years of existence combined. Our staff did an amazing job accommodating the additional traffic.</p>
<p>I'm also particularly proud of the things we did to improve privacy this year, across all of our projects.</p>
<p>At the start of 2025 we were serving over four billion Online Certificate Status Protocol (OCSP) requests per day. That's 180 million per hour, or 50,000 per second. OCSP has been an important mechanism for providing certificate revocation information for a long time, but the way it works is bad for privacy. It requires browsers to check with certificate authorities for every website they visit, which is basically providing your browsing history to third parties. Let's Encrypt never held onto that data; it got dropped immediately. However, there is no way to know if that was standard practice across the industry, and even well-intentioned CAs could make a mistake or be compelled to save that data. It was a system ripe for abuse, so we decided to become the first major CA to turn off our OCSP service. We couldn't be sure what the full impact would be, but this was a way in which the Internet needed to get better. In August of 2025 we turned off our OCSP service. There was no major fallout and we haven't looked back.</p>
<p>Another big privacy-focused change we made to Let's Encrypt in 2025 was no longer storing subscriber email addresses in our CA database, associated with issuance data. In June of this year we stopped adding the optional email addresses that subscribers send to our database, and we deleted the millions of email addresses that had accumulated over the years. Making this change was not an easy thing to decide to do—it limits our ability to contact subscribers and we had to turn off our expiration reminder email service—but we feel the ecosystem has grown enough over the past ten years that the privacy implications of holding onto the email addresses outweighed the utility.</p>
<p>Privacy was at the forefront for the folks at ISRG researching human digital identity as well. They have been hard at work on an implementation of the Anonymous Credentials from ECDSA scheme, also known as <a href="https://datatracker.ietf.org/doc/draft-google-cfrg-libzk/">Longfellow</a>. This is a cryptographic library that can be used in digital identity management, including things like digital wallets, in order to improve privacy when sharing credentials. Digital identity systems should have strong privacy and compatibility requirements, but such requirements pose challenges that existing digital credential technologies are going to struggle to meet. New schemes such as Longfellow aim to address these challenges, bringing privacy improvements to systems that need to work with existing cryptographic hardware. This is exciting stuff, but not easy to build (so much math!)—watching our talented engineers make progress has been thrilling.</p>
<p>The last example of great privacy work I want to highlight from 2025 is our Prossimo project's work towards encrypted recursive-to-authoritative DNS. Prossimo is focused on bringing memory safety to critical software infrastructure, but sometimes that dovetails nicely with other initiatives. DNS queries are fundamental to the operation of the Internet. Without getting into the details here too much, there are basically two types of DNS queries: stub-to-recursive and recursive-to-authoritative. A lot of work has gone into encrypting stub queries over the past decade, mostly through DNS over HTTPS (DoH) initiatives. Authoritative queries, however, remain almost entirely unencrypted. This is a particular problem for Certificate Authorities like Let's Encrypt. During 2025, our Prossimo project started work on changing that, investing heavily in encrypted authoritative resolution by implementing <a href="https://datatracker.ietf.org/doc/rfc9539/">RFC 9539</a> Unilateral Opportunistic Deployment of Encrypted Recursive‑to‑Authoritative DNS and other related improvements in Hickory DNS. Once this is ready, early in 2026, Hickory DNS will be a high performance and memory safe option that DNS operators can use to start making and receiving encrypted authoritative DNS queries. It can also be used for integration testing with other DNS implementations.</p>
<p>It's wonderful, and a real responsibility, to be able to have this kind of positive impact on the lives of everyone using the Internet. Charitable contributions from people like you and organizations around the world make what we do possible. We are particularly grateful to Jeff Atwood, Betsy Burton, and Stina Ehrensvärd for their special gifts this year. Since 2015, tens of thousands of people have donated. They've made a case for corporate sponsorship, given through their DAFs, or set up recurring donations. If you're one of those people, thank you. If you're considering becoming a supporter, I hope this annual report will make the case that we're making every dollar count.</p>
<p>Every year we aim to make the dollars entrusted to us go as far as possible, and next year will be no exception.</p>]]></description>
        <guid isPermaLink="true">https://www.abetterinternet.org/post/eoy-letter-2025/</guid>
      </item><item>
        <title>Zero Knowledge Proofs from Credentials</title>
        <link>https://www.abetterinternet.org/post/research-zero-knowledge-proofs/</link>
        <pubDate>Thu, 11 Dec 2025 00:00:00 +0000</pubDate>
        <description><![CDATA[<p>As more of people's everyday lives move online, there is a stronger push to use technology to verify aspects of online users' identities. Unfortunately, naive technical solutions in which users upload images of themselves or government issued identity documents to verifiers impose significant privacy risks on users, as this personally identifying information may get <a href="https://www.computerworld.com/article/4070276/major-discord-hack-exposes-the-real-risks-of-digital-id.html">leaked</a>.</p>
<p>Fortunately, modern cryptography provides tools we can use to do better. A family of techniques called zero knowledge proofs enables proving statements about things like digital credentials without revealing anything beyond the strict minimum required information. For most of 2025, ISRG engineers have been developing and experimenting with these techniques.</p>
<p>Think about your driver's license as a message which contains multiple claims. One is your name, another is your address, still another is your birthdate, and so on for all the information printed on the card. Besides being printed on the card, all that information is also electronically encoded into a chip or barcode, and digitally signed by the issuing authority. This information can be used in online authentication protocols, but we wouldn't want to present the entire digital ID to a relying party because that reveals more information about the bearer than is strictly necessary.</p>
<p>A step in the right direction is selective disclosure. Suppose that a website wants to restrict its services to residents of a particular country. The relying party doesn't need to check the user's eye colour or birthdate. So let's only reveal the address from the identity document (ID). Less information is now leaked, but an address is still a high-resolution tracking identifier. The relying party doesn't actually need to know your address; they just need to know that you are from the correct country.</p>
<p>That's where zero knowledge comes in: instead of revealing the entire ID, or selectively disclosing the address, the user's client would construct a proof that the user holds an ID issued by a trusted authority and that this ID attests to a satisfactory location -- and nothing else. That's what is meant by zero knowledge: I prove to you an assertion about a piece of private data, but reveal nothing else whatsoever about it.</p>
<p>Well, this sounds great, so why aren't we already doing it? The big stumbling block to deploying zero knowledge proofs is that the cryptographic algorithms widely used for government issued credentials, while secure, aren't designed for compatibility with zero knowledge proof systems. And the algorithms that are ideal for zero knowledge proof systems aren't approved by government bodies like NIST, the UK NCSC or German BSI. Even if they were, it would take years to replace all the existing driver's licenses and passports and so on with ones that use the fancy new cryptography. We can't wait that long, because more and more governments and regulatory bodies are imposing requirements on online service providers that require digital IDs.</p>
<p>What changes the calculus is <a href="https://eprint.iacr.org/2024/2010.pdf">Longfellow</a>. Longfellow is a zero knowledge proof system optimized for proving statements from legacy cryptography like ECDSA with P256 curves and SHA-256 digests. By carefully applying a series of sophisticated optimizations, Longfellow threads the needle of being compatible with existing credentials, being fast enough to work on the internet, and providing vastly better privacy than solutions currently available.</p>
<p>As part of our broader project on human digital identity on the internet, ISRG has been researching Longfellow. We've been collaborating with the scheme's inventors on <a href="https://datatracker.ietf.org/doc/draft-google-cfrg-libzk/">a specification of the proof system</a>, and <a href="https://github.com/abetterinternet/zk-cred-longfellow">our own implementation</a> (in memory-safe Rust, naturally). Besides deepening ISRG's expertise in these emerging technologies, our partners at the <a href="https://siros.org/">SIROS Foundation</a> plan to integrate this work into wwWallet, their European Union Digital Identity wallet.</p>
<p>A zero knowledge proof system is just one piece of a big puzzle, and there's lots of other exciting developments underway in this space. For example, <a href="https://www.microsoft.com/en-us/research/blog/crescent-library-brings-privacy-to-digital-identity-systems/">Crescent</a> is a different system designed by researchers at UC Berkeley and Microsoft Research that addresses similar constraints. And while compatibility with issued credentials in the field is vital for near-term success, we also need to identify longer term solutions based on post-quantum cryptography, so that we can ensure security and privacy even in the face of cryptographically relevant quantum computers. Standards development organizations like the Internet Engineering Task Force are starting to <a href="https://mailman3.ietf.org/mailman3/lists/zip.ietf.org/">take notice</a> of this problem space, and we look forward to collaborating with industry, academia and government in such venues.</p>]]></description>
        <guid isPermaLink="true">https://www.abetterinternet.org/post/research-zero-knowledge-proofs/</guid>
      </item><item>
        <title>10 Years of Let&#39;s Encrypt Certificates</title>
        <link>https://www.abetterinternet.org/post/10-years/</link>
        <pubDate>Tue, 09 Dec 2025 00:00:00 +0000</pubDate>
        <description><![CDATA[<p>On September 14, 2015, <a href="https://crt.sh/?id=9314793">our first publicly-trusted certificate</a> went live. We were proud that we had issued a certificate that a significant majority of clients could accept, and had done it using <a href="https://github.com/letsencrypt/boulder">automated software</a>. Of course, in retrospect this was just the first of billions of certificates. Today, Let's Encrypt is the largest certificate authority in the world in terms of certificates issued, the ACME protocol we helped create and standardize is integrated throughout the server ecosystem, and we've become a household name among system administrators. We're closing in on protecting one billion web sites.</p>
<p><a href="https://letsencrypt.org/stats/"><img src="/images/blog/blog-2025-12-09-chart1.jpg" alt=""></a></p>
<p>In 2023, we marked the <a href="https://www.abetterinternet.org/tenth-anniversary/">tenth anniversary of the creation of our nonprofit</a>, Internet Security Research Group, which continues to host Let's Encrypt and other public benefit infrastructure projects. Now, in honor of the tenth anniversary of Let's Encrypt's public certificate issuance and the start of the general availability of our services, we're looking back at a few milestones and factors that contributed to our success.</p>
<h2 id="growth">Growth</h2>
<p>A conspicuous part of Let's Encrypt's history is how thoroughly our vision of scalability through automation has succeeded.</p>
<p>In March 2016, we issued our one millionth certificate. Just two years later, in September 2018, we were issuing a million certificates every day. In 2020 we reached a billion total certificates issued and as of late 2025 we're frequently issuing ten million certificates per day. We're now on track to reach a billion active sites, probably sometime in the coming year. (The &quot;certificates issued&quot; and &quot;certificates active&quot; metrics are quite different because our certificates regularly expire and get replaced.)</p>
<p>The steady growth of our issuance volume shows the strength of our architecture, the validity of our vision, and the great efforts of our engineering team to scale up our own infrastructure. It also reminds us of the confidence that the Internet community is placing in us, making the use of a Let's Encrypt certificate a normal and, dare we say, boring choice. But I often point out that our ever-growing issuance volumes are only an indirect measure of value. What ultimately matters is improving the security of people's use of the web, which, as far as Let's Encrypt's contribution goes, is not measured by issuance volumes so much as by the prevalence of HTTPS encryption. For that reason, we've always emphasized the graph of the percentage of encrypted connections that web users make (here represented by statistics from Firefox).</p>
<p><a href="https://letsencrypt.org/stats/"><img src="/images/blog/blog-2025-12-09-chart2.jpg" alt=""></a></p>
<p>(These graphs are snapshots as of the date of this post; a dynamically updated version is found <a href="https://letsencrypt.org/stats/#percent-pageloads">on our stats page</a>.) Our biggest goal was to make a concrete, measurable security impact on the web by getting HTTPS connection prevalence to increase—and it's worked. It took five years or so to get the global percentage from below 30% to around 80%, where it's remained ever since. In the U.S. it has been close to 95% for a while now.</p>
<p>A good amount of the remaining unencrypted traffic probably comes from internal or private organizational sites (intranets), but other than that we don't know much about it; this would be a great topic for Internet security researchers to look into.</p>
<p>We believe our present growth in certificate issuance volume is essentially coming from growth in the web as a whole. In other words, if we protect 20% more sites over some time period, it's because the web itself grew by 20%.</p>
<h2 id="a-few-milestones">A few milestones</h2>
<p>We've <a href="https://letsencrypt.org/blog/">blogged about most of Let's Encrypt's most significant milestones</a> as they've happened, and I invite everyone in our community to look over those blog posts to see how far we've come. We've also <a href="https://www.abetterinternet.org/annual-reports/">published annual reports for the past seven years</a>, which offer elegant and concise summaries of our work.</p>
<p>As I personally think back on the past decade, just a few of the many events that come to mind include:</p>
<ul>
<li>
<p><a href="https://letsencrypt.org/2014/11/18/announcing-lets-encrypt">Telling the world about the project</a> in November 2014</p>
</li>
<li>
<p><a href="https://letsencrypt.org/2015/09/14/our-first-cert">Our first certificate issuance</a> in September 2015</p>
</li>
<li>
<p><a href="https://letsencrypt.org/2016/03/08/our-millionth-cert">Our one millionth certificate</a> in March 2016, then <a href="https://letsencrypt.org/2017/06/28/hundred-million-certs">our 100 millionth certificate</a> in June 2017, and then <a href="https://letsencrypt.org/2020/02/27/one-billion-certs">our billionth certificate</a> in 2020</p>
</li>
<li>
<p>Along the way, first issuing one million certificates in a single day (in September 2018), significantly contributed to by the SquareSpace and <a href="https://letsencrypt.org/2021/09/14/speed-at-scale-shopify">Shopify</a> Let's Encrypt integrations</p>
</li>
<li>
<p>Just at the end of September 2025, we issued more than ten million certificates in a day for the first time.</p>
</li>
</ul>
<p>We've also periodically rolled out new features such as <a href="https://letsencrypt.org/2016/10/21/introducing-idn-support">internationalized domain name support</a> (2016), <a href="https://letsencrypt.org/2017/07/06/wildcard-certificates-coming-jan-2018">wildcard support</a> (2018), and <a href="https://letsencrypt.org/2025/02/20/first-short-lived-cert-issued">short-lived</a> and <a href="https://letsencrypt.org/2025/07/01/issuing-our-first-ip-address-certificate">IP address</a> (2025) certificates. We're always working on <a href="https://letsencrypt.org/upcoming-features/">more new features</a> for the future.</p>
<p>There are many technical milestones like <a href="https://letsencrypt.org/2021/01/21/next-gen-database-servers">our database server upgrades</a> in 2021, where we found we needed a serious server infrastructure boost because of the tremendous volumes of data we were dealing with. Similarly, our original infrastructure was using Gigabit Ethernet internally, and, with the growth of our issuance volume and logging, we found that our Gigabit Ethernet network eventually became too slow to synchronize database instances! (Today we're using 25-gig Ethernet.) More recently, we've <a href="https://letsencrypt.org/2025/06/11/reflections-on-a-year-of-sunlight">experimented with architectural upgrades</a> to our ever-growing Certificate Transparency logs, and <a href="https://letsencrypt.org/2025/08/14/rfc-6962-logs-eol">decided to go ahead with deploying those upgrades</a>—to help us not just keep up with, but get ahead of, our continuing growth.</p>
<p>These kinds of growing pains and successful responses to them are nice to remember because they point to the inexorable increase in demands on our infrastructure as we've become a more and more essential part of the Internet. I'm proud of our technical teams which have handled those increased demands capably and professionally.</p>
<p>I also recall the ongoing work involved in <a href="https://letsencrypt.org/2018/08/06/trusted-by-all-major-root-programs">making sure our certificates would be as widely accepted as possible</a>, which has meant managing the original cross-signature from IdenTrust, and <a href="https://letsencrypt.org/2020/11/06/own-two-feet">subsequently creating and propagating our own root CA certificates</a>. This process has required PKI engineering, key ceremonies, root program interactions, documentation, and community support associated with certificate migrations. Most users never have reason to look behind the scenes at <a href="https://letsencrypt.org/certificates/">our chains of trust</a>, but our engineers update it as root and intermediate certificates have been replaced. We've engaged at the <a href="https://cabforum.org/">CA/B Forum</a>, <a href="https://www.ietf.org/">IETF</a>, and in other venues with the browser root programs to help shape the web PKI as a technical leader.</p>
<p><a href="https://letsencrypt.org/2020/12/28/executive-director-letter">As I wrote in 2020</a>, our ideal of complete automation of the web PKI aims at a world where most site owners wouldn't even need to think about certificates at all. We continue to get closer and closer to that world, which creates a risk that people will take us and our services for granted, as the details of certificate renewal occupy less of site operators' mental energy. As I said at the time,</p>
<p>When your strategy as a nonprofit is to get out of the way, to offer services that people don't need to think about, you're running a real risk that you'll eventually be taken for granted. There is a tension between wanting your work to be invisible and the need for recognition of its value. If people aren't aware of how valuable our services are then we may not get the support we need to continue providing them.</p>
<p>I'm also grateful to our communications and fundraising staff who help make clear what we're doing every day and how we're making the Internet safer.</p>
<h2 id="recognition-of-let-s-encrypt">Recognition of Let's Encrypt</h2>
<p>Our community continually recognizes our work in tangible ways by using our certificates—now by the tens of millions per day—and by <a href="https://www.abetterinternet.org/sponsor/">sponsoring us</a>.</p>
<p>We were honored to be recognized with awards including the <a href="https://rwc.iacr.org/LevchinPrize/winners.html#certs">2022 Levchin Prize for Real-World Cryptography</a> and the <a href="https://www.abetterinternet.org/documents/2019-ISRG-Annual-Report-Desktop.pdf">2019 O'Reilly Open Source Award</a>. In October of this year some of the individuals who got Let's Encrypt started were honored to receive the <a href="https://secdev.ieee.org/2025/awardees/">IEEE Cybersecurity Award for Practice</a>.</p>
<p>We documented the history, design, and goals of the project in <a href="https://dl.acm.org/doi/abs/10.1145/3319535.3363192">an academic paper at the ACM CCS '19 conference</a>, which has subsequently been cited hundreds of times in academic research.</p>
<h2 id="our-initial-sponsors">Our initial sponsors</h2>
<p>Ten years later, I'm still deeply grateful to the five initial sponsors that got Let's Encrypt off the ground - Mozilla, EFF, Cisco, Akamai, and IdenTrust. When they committed significant resources to the project, it was just an ambitious idea. They saw the potential and believed in our team, and because of that we were able to build the service we operate today.</p>
<h2 id="identrust-a-critical-technical-partner">IdenTrust: A critical technical partner</h2>
<p>I'd like to particularly recognize <a href="https://www.identrust.com/">IdenTrust</a>, a PKI company that worked as a partner from the outset and enabled us to issue publicly-trusted certificates via a cross-signature from one of their roots. We would simply not have been able to launch our publicly-trusted certificate service without them. Back when I first told them that we were starting a new nonprofit certificate authority that would give away millions of certificates for free, there wasn't any precedent for this arrangement, and there wasn't necessarily much reason for IdenTrust to pay attention to our proposal. But the company really understood what we were trying to do and was willing to engage from the beginning. Ultimately, IdenTrust's support made our original issuance model a reality.</p>
<h2 id="conclusion">Conclusion</h2>
<p>I'm proud of what we have achieved with our staff, partners, and donors over the past ten years. I hope to be even more proud of the next ten years, as we use our strong footing to continue to pursue our mission to protect Internet users by lowering monetary, technological, and informational barriers to a more secure and privacy-respecting Internet.</p>
<p>Let's Encrypt is a project of the nonprofit Internet Security Research Group, a 501(c)(3) nonprofit. You can help us make the next ten years great as well by <a href="http://letsencrypt.org/donate">donating</a> or becoming a <a href="https://www.abetterinternet.org/sponsor/">sponsor</a>.</p>]]></description>
        <guid isPermaLink="true">https://www.abetterinternet.org/post/10-years/</guid>
      </item><item>
        <title>Decreasing Certificate Lifetimes to 45 Days</title>
        <link>https://www.abetterinternet.org/post/from-90-to-45/</link>
        <pubDate>Tue, 02 Dec 2025 00:00:00 +0000</pubDate>
        <description><![CDATA[<p>Let’s Encrypt will be reducing the validity period of the certificates we issue. We currently issue certificates valid for 90 days, which will be cut in half to 45 days by 2028.</p>
<p>This change is being made along with the rest of the industry, as required by the <a href="https://cabforum.org/working-groups/server/baseline-requirements/requirements/">CA/Browser Forum Baseline Requirements</a>, which set the technical requirements that we must follow. All publicly-trusted Certificate Authorities like Let’s Encrypt will be making similar changes. Reducing how long certificates are valid helps improve the security of the Internet by limiting the scope of compromise and making certificate revocation technologies more efficient.</p>
<p>We are also reducing the authorization reuse period, which is the length of time after validating domain control that we allow certificates to be issued for that domain. It is currently 30 days, which will be reduced to 7 hours by 2028.</p>
<h2 id="timeline-of-changes">Timeline of Changes</h2>
<p>To minimize disruption, Let’s Encrypt will roll this change out in multiple stages. We will use ACME Profiles to allow you control over when these changes take effect. They are configured in your ACME client. For more information, see our <a href="https://letsencrypt.org/2025/01/09/acme-profiles">blog post announcing them</a>.</p>
<p>Changes will be deployed to our staging environment approximately one month before the production dates below.</p>
<ul>
<li><strong>May 13, 2026:</strong> Let’s Encrypt will switch our <a href="https://letsencrypt.org/docs/profiles/#tlsserver">tlsserver</a> ACME profile to issue 45-day certificates. This profile is opt-in and can be used by early adopters and for testing.</li>
<li><strong>February 10, 2027:</strong> Let’s Encrypt will switch our default <a href="https://letsencrypt.org/docs/profiles/#classic">classic</a> ACME profile to issuing 64-day certificates with a 10-day authorization reuse period. This will affect all users who have not opted into the <a href="https://letsencrypt.org/docs/profiles/#tlsserver">tlsserver</a> or <a href="https://letsencrypt.org/docs/profiles/#shortlived">shortlived</a> (6-day) profiles.</li>
<li><strong>February 16, 2028:</strong> We will further update the <a href="https://letsencrypt.org/docs/profiles/#classic">classic</a> profile to issue 45-day certificates with a 7-hour authorization reuse period.</li>
</ul>
<p>These dates are when the change takes effect for new certificates, so Let’s Encrypt users will see the reduced certificate validity period at their next renewal after these dates.</p>
<h2 id="action-required">Action Required</h2>
<p>Most users of Let’s Encrypt who automatically issue certificates will not have to make any changes. However, you should verify that your automation is compatible with certificates that have shorter validity periods.</p>
<p>To ensure your ACME client renews on time, we recommend using <a href="https://letsencrypt.org/2023/03/23/improving-resliiency-and-reliability-with-ari">ACME Renewal Information (ARI)</a>. ARI is a feature we’ve introduced to help clients know when they need to renew their certificates. Consult your ACME client’s documentation on how to enable ARI, as it differs from client to client. If you are a client developer, check out this <a href="https://letsencrypt.org/2024/04/25/guide-to-integrating-ari-into-existing-acme-clients">integration guide</a>.</p>
<p>If your client doesn’t support ARI yet, ensure it runs on a schedule that is compatible with 45-day certificates. For example, renewing at a hardcoded interval of 60 days will no longer be sufficient. Acceptable behavior includes renewing certificates at approximately two thirds of the way through the current certificate’s lifetime.</p>
<p>Manually renewing certificates is not recommended, as it will need to be done more frequently with shorter certificate lifetimes.</p>
<p>We also recommend that you make sure your systems have sufficient monitoring in place to alert appropriately if certificates aren’t renewed when expected. There are many available options, some of which are documented on our <a href="https://letsencrypt.org/docs/monitoring-options/">Monitoring Service Options</a> page.</p>
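<p>The scheduling advice above, worked through as an added example (not Let’s Encrypt or ACME client code). It replays the classic-profile timeline from this post against a hardcoded 60-day renewal interval and against renewal at two thirds of the certificate lifetime, and includes a simple overdue check for monitoring. The function names, the instant-renewal assumption, and the 3-day grace period are assumptions made for illustration.</p>

```python
from datetime import date, timedelta

# Classic-profile certificate lifetimes by issuance date, from the timeline in this post.
# Newest rule first so the first match wins.
CLASSIC_LIFETIMES = [
    (date(2028, 2, 16), 45),
    (date(2027, 2, 10), 64),
    (date.min, 90),
]


def classic_lifetime_days(issued):
    """Lifetime (days) of a classic-profile certificate issued on the given date."""
    for effective, days in CLASSIC_LIFETIMES:
        if issued >= effective:
            return days
    raise ValueError("no lifetime rule matched")


def fixed_interval(days):
    """Policy: renew a hardcoded number of days after issuance."""
    def policy(issued, lifetime_days):
        return issued + timedelta(days=days)
    return policy


def two_thirds(issued, lifetime_days):
    """Policy: renew about two thirds of the way through the lifetime."""
    return issued + timedelta(days=(2 * lifetime_days) // 3)


def simulate(policy, first_issue, until):
    """Replay renewals and record, per certificate, the safety margin in days.

    Assumes every renewal succeeds on the scheduled day. A negative margin
    means the certificate expired before the client renewed it.
    """
    cycles = []
    issued = first_issue
    while issued < until:
        lifetime = classic_lifetime_days(issued)
        expires = issued + timedelta(days=lifetime)
        renew_on = policy(issued, lifetime)
        cycles.append({
            "issued": issued,
            "lifetime": lifetime,
            "renew_on": renew_on,
            "margin": (expires - renew_on).days,
        })
        issued = renew_on
    return cycles


def expired_days(cycles):
    """Total days during which an expired certificate was being served."""
    return sum(-c["margin"] for c in cycles if c["margin"] < 0)


def overdue(issued, lifetime_days, today, grace_days=3):
    """Monitoring check: True if the two-thirds renewal point plus a grace
    period has passed and the same certificate is still in place."""
    due = two_thirds(issued, lifetime_days) + timedelta(days=grace_days)
    return today > due


if __name__ == "__main__":
    start, end = date(2026, 12, 1), date(2028, 12, 31)
    for name, policy in (("fixed 60 days", fixed_interval(60)),
                         ("two thirds", two_thirds)):
        cycles = simulate(policy, start, end)
        worst = min(c["margin"] for c in cycles)
        print(f"{name}: worst margin {worst} days, "
              f"{expired_days(cycles)} days served with an expired certificate")
```

<p>With 64-day certificates the hardcoded interval still works but leaves only four days to recover from a failed renewal; with 45-day certificates every cycle ends in an expired certificate.</p>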
<h2 id="making-automation-easier-with-a-new-dns-challenge-type">Making Automation Easier with a new DNS Challenge Type</h2>
<p>For many of our users, the hardest part of automatically issuing certificates is proving domain control. Reducing certificate lifetimes and the authorization reuse period will require users to demonstrate control more often.</p>
<p>All validation methods today require that the ACME client have live access to your infrastructure, either to serve the correct HTTP-01 token, perform the right TLS-ALPN-01 handshake, or update the right DNS-01 TXT record. For a long time, people have wanted a way to run an ACME client without granting it access to these sensitive systems.</p>
<p>These challenges are why we are working with our partners at the CA/Browser Forum and IETF to standardize a new validation method called <a href="https://datatracker.ietf.org/doc/html/draft-sheurich-acme-dns-persist-01">DNS-PERSIST-01</a>. The key advantage of this new method is that the DNS TXT entry used to demonstrate control does not have to change every renewal.</p>
<p>This means you can set up the DNS entry once and begin automatically renewing certificates without needing a way to automatically update DNS. This should allow even more people to automate their certificate renewals. It will also reduce reliance on authorization reuse, since the DNS records can stay unchanged without any further ACME client involvement.</p>
<p>We expect DNS-PERSIST-01 to be available in 2026, and will have more to announce soon.</p>
<h2 id="keep-up-to-date">Keep Up to Date</h2>
<p>Additional updates, reminders, and other changes will be shared on our <a href="https://letsencrypt.org/opt-in/">technical updates mailing list</a>. Subscribe to keep up-to-date with these and all other upcoming changes. If you have any questions, please ask on our <a href="https://community.letsencrypt.org/">community forum</a>. If you want to read more about the work happening at Let’s Encrypt and our other projects, check out our <a href="https://www.abetterinternet.org/annual-reports/">Annual Report</a>, which was published today.</p>]]></description>
        <guid isPermaLink="true">https://www.abetterinternet.org/post/from-90-to-45/</guid>
      </item><item>
        <title>Ten Years of Community Support</title>
        <link>https://www.abetterinternet.org/post/ten-yrs-community-forum/</link>
        <pubDate>Tue, 07 Oct 2025 00:00:00 +0000</pubDate>
        <description><![CDATA[<div class="pull-quote-right">
  <blockquote class="blockquote">
    <span class="quote"></span>
    <div class="quote-text">
      <p class="quote-text-value">Seth Schoen was an early contributor to Let's Encrypt through his work at the Electronic Frontier Foundation. He's also one of the longest standing participants in the Let's Encrypt community support forum, so we asked him to offer his thoughts on the role and impact of the forum as a resource for our users. Thank you for your many years of expertise and participation, Seth!</p>
      <footer class="blockquote-footer font-italic"><cite title="Source Title">Josh Aas</cite>, Head of Let's Encrypt</footer>
    </div>
  </blockquote>
</div>
<p>Along with the tenth anniversary of Let's Encrypt's first certificate, we're also celebrating ten years of the <a href="https://community.letsencrypt.org/">Let's Encrypt Community Forum</a>, which has played a vital role in the Let's Encrypt community.</p>
<p>It's been the <a href="https://community.letsencrypt.org/c/help/13">first stop for end users with technical questions</a>. It's been the main way that <a href="https://community.letsencrypt.org/c/client-dev/14">client developers got help with ACME</a> and debugged compatibility issues. It's been the place where Let's Encrypt staff <a href="https://community.letsencrypt.org/c/api-announcements/18">made technical announcements</a> and got immediate feedback from affected parties.</p>
<p>It's happened in many different languages (including official French, Spanish, and Portuguese categories, use of numerous volunteers' native languages, as well as many successful conversations via machine translation). For example, people have gotten help in Dutch, Russian, German, and Chinese.</p>
<p>Thousands of volunteers have provided help and successfully helped tens of thousands of users get their certificates. Occasionally, they've also reported bugs in client software, documentation, or even the Let's Encrypt service itself. Many times a responsible developer was there to interact directly with the bug reporter.</p>
<p>Here are the monthly pageviews from the creation of the Community Forum until the present day:</p>
<figure>
<p><img src="/images/blog/2025.10.02.Ten-yrs-community-forum-image-1.png" alt="Monthly pageviews chart showing growth from 2015 to 2025"></p>
<figcaption>Other reports from the forum software show that much of the most recent pageview growth is due to robots, probably from AI training. But that may ultimately be helpful to users too, as AI systems learn about Let's Encrypt from the forum posts and become more able to answer users' questions correctly.</figcaption>
</figure>
<h3 id="seeing-the-results-of-one-s-efforts">Seeing the results of one's efforts</h3>
<p>The most common kind of interaction on the forum is one in which a Let's Encrypt end user shows up with some kind of problem, usually an inability to get or renew a certificate. In most cases, if the user is willing to answer some questions, the community is ultimately able to resolve the problem.</p>
<p>I've often compared the satisfaction of helping users on the Let's Encrypt forum to what I felt while installing bike lights at a local cycling organization's bike light giveaway event. In both cases, one could engage for a few minutes with someone, maybe deal with some unanticipated oddities (extra-thick handlebars? an unusual seat post or cargo rack? a strange DNS setup? an unusual Apache configuration?). Usually, this would lead to a concrete practical improvement in safety afterward (the blinking red tail light freshly installed on someone's bike, or the lovely https:// prefix or padlock icon newly visible in the browser bar when browsing to a visitor's website). It's common in the Internet security world not to be able to see or appreciate how what we do helps people, so &quot;we just helped make connections to your specific web site more secure&quot; is especially satisfying.</p>
<p>Tangible safety upgrades!</p>
<figure>
<p><img src="/images/blog/2025.10.02.Ten-yrs-community-forum-image-2.png" alt="Bicycle with red rear safety light attached to seat post"></p>
<figcaption>Photo by Richard Masoner / Cyclelicious, CC-BY-SA 2.0. Not a bike light I personally installed.</figcaption>
</figure>
<figure>
<p><img src="/images/blog/2025.10.02.Ten-yrs-community-forum-image-3.png" alt="HTTPS padlock icon shown in browser address bar for Wikimedia website"></p>
<figcaption>I think Wikimedia Foundation figured out their Let's Encrypt certificates without support from the forum. But we're there if they ever need us!</figcaption>
</figure>
<h3 id="a-channel-between-let-s-encrypt-staff-and-the-community">A channel between Let's Encrypt staff and the community</h3>
<p>Let's Encrypt describes itself as &quot;free, automated, and open&quot;; part of that openness consists of its use of open standards (ACME) and open source CA software (Boulder). Part of it is also about how much of the CA's thinking happens in public! One example (of dozens) is that the <a href="https://community.letsencrypt.org/t/new-y-root-and-intermediate-hierarchy/241065">September 2025 Let's Encrypt root ceremony</a> was <a href="https://community.letsencrypt.org/t/preview-of-our-upcoming-root-ceremony/239494">discussed ahead of time on the forum</a>, starting back in July, with the plans and details all open for discussion and review. Let's Encrypt staff have even asked the community for feedback on how production and testing certificates ought to be named!</p>
<p>In other cases, like when there was <a href="https://community.letsencrypt.org/t/questions-regarding-announcing-six-day-and-ip-address-certificate-options-in-2025/232043">new functionality announced</a>, or <a href="https://community.letsencrypt.org/t/questions-regarding-shortening-the-lets-encrypt-chain-of-trust/201581">substantive technical changes affecting certificate issuance</a>, or <a href="https://community.letsencrypt.org/t/feedback-needed-for-our-new-account-pausing-feature-and-self-service-unpause-portal/222804">proposed rate limit changes</a>, or <a href="https://community.letsencrypt.org/t/revoking-certain-certificates-on-march-4/114864">problems requiring mass revocation</a>, or <a href="https://community.letsencrypt.org/t/help-thread-for-dst-root-ca-x3-expiration-september-2021/149190">expiring root certificates</a>, Let's Encrypt staff were available talking about all the details and directly answering end users' questions. Again, there are lots of other examples, where changes large or small got announced, proposed, or discussed on the forum, with Let's Encrypt's own experts engaging with the community.</p>
<h3 id="final-thoughts-and-thanks">Final thoughts and thanks</h3>
<p>The forum runs on <a href="https://www.discourse.org/">Discourse</a>, which has continued to be an effective choice of forum software for the community. Discourse has nice technical and user interface features, but it's also pleasantly unobtrusive. The Discourse company has also generously been donating pro bono hosting for the forum for many years, and, of course, it uses a Let's Encrypt certificate.</p>
<p>The volunteers on the Let's Encrypt forum have made a huge contribution to Let's Encrypt's success. It's easy to imagine that many users might have given up on Let's Encrypt in frustration were it not for the efforts of dedicated volunteers to draw out the necessary details, notice the relevant issues, and patiently explain concepts that were confusing people. There are also volunteer moderators who've worked hard to keep the forum on track, stop spam, and defuse distracting conflicts. Thanks to all of you.</p>
<p>Several software projects have been informed by discussions and issues on the forum, as developers there found opportunities to help large numbers of users. I would particularly highlight Alex Zorin's <a href="https://letsdebug.net/">Let's Debug</a> and Jonathan Griffin's <a href="https://certsage.com/">CertSage</a> as examples in this category. Let's Debug runs a series of practical live tests on a specified site to help users figure out why certificate issuance is failing, giving useful explanations of many of the most common failure reasons. CertSage is a client meant for users who have hosting plans without native support for Let's Encrypt, and without administrative access, but where they can run PHP scripts. These projects grew out of Alex's and Jonathan's experiences helping users on the forum and seeing the kinds of issues that came up repeatedly there. Joona Hoikkala's helpful <a href="https://github.com/joohoi/acme-dns">acme-dns</a>, which helps subscribers complete the ACME DNS challenge with a dedicated service instead of using an existing DNS server, also helped respond to a common issue that brought many people to the forum.</p>
<p>I would also like to thank Jacob Hoffman-Andrews for his early efforts to set a positive and welcoming tone on the forum. Jacob and other forum administrators always reminded the community to be patient and welcoming to each visitor, emphasizing that the forum was many users' first interaction with Let's Encrypt, and that users ought to be welcomed regardless of their expertise or background (and regardless of whether their questions had been asked before by others).</p>]]></description>
        <guid isPermaLink="true">https://www.abetterinternet.org/post/ten-yrs-community-forum/</guid>
      </item><item>
        <title>Detecting Privacy Harms in Digital Identity using Divvi Up</title>
        <link>https://www.abetterinternet.org/post/digital-identity-harms-detection/</link>
        <pubDate>Tue, 06 May 2025 00:00:00 +0000</pubDate>
        <description><![CDATA[<p><em>This post explores thoughts from the Divvi Up engineers working on this topic.</em></p>
<p>Traditionally, our most authoritative and reliable identity documents are pieces of paper issued by governments, like driver's licenses or passports. But as more and more of our essential interactions, including our dealings with those same governments, move into the digital realm, there's a growing need for government issued credentials to include a digital component that is usable on the Internet. There's also an opportunity for governments to ensure that these digital credentials use state of the art safety mechanisms to prevent privacy abuses of the sort that have become all too common online.</p>
<p>We have been following the development of the <a href="https://ec.europa.eu/digital-building-blocks/sites/display/EUDIGITALIDENTITYWALLET/EU&#43;Digital&#43;Identity&#43;Wallet&#43;Home">EU's digital identity wallet regulations</a>. This initiative aims to enable the use of digitally signed credentials in day-to-day transactions, while ensuring that users maintain control over their own identities, when and how they are used, and the related privacy impacts.</p>
<p>In this scheme, persons would hold a <em>digital wallet</em> which is capable of making promises (called <em>attestations</em>) about the bearer to a <em>relying party</em>, the companies and agencies that request credentials from users. The wallet can selectively attest to the minimal facts required in the current interaction instead of disclosing the bearer's name, photo, birthdate, home address and everything else about them. For example, minors might be forbidden from using social media in some jurisdictions. The social network's app or website could query the wallet to see if the user is over 18 without learning anything else about that person.</p>
<p>This is a nice privacy feature, but it still admits a risk of relying parties asking for more attestations than is necessary, which they can then use to fingerprint and track users even if they can't learn their name.</p>
<p>We might then decide that the government issuer should be required to approve a relying party's queries to user wallets. But this would create new privacy problems: we wouldn't want governments to learn which websites or apps users are authenticating to, as that could leak sensitive information like the user's location, habits or membership in groups. It may also be necessary to allow authentication in offline settings, where neither the wallet nor the relying party is able to reach the issuer's server. For example, you might be tagging into public transit at a remote bus stop where there is no WiFi or cell network coverage.</p>
<p>So we can't enforce reasonable usage in real time. Then we might try restricting which attributes a given relying party is permitted to query from wallets, which could be enforced by wallets without the issuer being in the loop. In the EUDI scheme, this is called a <em>registration certificate</em>. It is issued by governments, and lists what sort of credentials the relying party may request, and for what purpose the information will be used. But according to recently-passed regulations, <a href="https://epicenter.works/en/content/eu-commission-undermines-eidas-protections-again">relying parties will not be required to obtain a registration certificate to request digital credentials</a>.</p>
<p>If we can't prevent relying parties from asking for more information than is necessary, then maybe we can mitigate this privacy risk after the fact by enabling regulators to detect such practices. While relying parties may not have registration certificates that list what information they can request, they still have to show the wallet an <em>access certificate</em>, which identifies the relying party. Thus, each user's wallet has a partial view of what the relying parties are asking for in practice, and if they opt to share this information, they can help their state's privacy regulators fill this blind spot.</p>
<p>So what's missing is a mechanism for anonymous telemetry to be uploaded from digital wallets to regulators. Fortunately, modern cryptography provides us with a solution: private aggregation using <em>multi-party computation</em> (MPC). MPC is a class of techniques in which computations over private data are spread out over multiple, non-colluding servers such that none of them can learn anything except the output of the computation. If the output is an aggregation over many contributions from many wallets, then it won't reveal anything about any individual user's activities, but it will let regulators learn about relying parties engaging in risky or abusive behavior across many users.</p>
<p>The <a href="https://datatracker.ietf.org/doc/draft-ietf-ppm-dap/">Distributed Aggregation Protocol</a>, developed by the Internet Engineering Task Force's Privacy Preserving Measurement working group, makes private aggregation in MPC practical, at scale, today. Our own <a href="https://divviup.org">Divvi Up</a> service is available to act as one of the non-colluding aggregators in such a scheme, and <a href="https://github.com/divviup/janus">Janus</a>, our open source DAP implementation, can be used by any organization wishing to privately gather telemetry.</p>
<p>If DAP were applied in this digital identity context, digital wallets would log queries they receive, attributing them to the relying party identified by the access certificates. At some regular interval, or the next time a network connection is available, the wallet would upload a histogram where each bucket contains the number of times a given relying party queried a given user attribute. These histograms would then be split into two halves, each uploaded to one of the two DAP aggregators. These could be operated by governments issuing wallets, privacy regulators, NGOs or any pair of trustworthy, non-colluding entities. Governments issuing wallets to their citizens would have control over which aggregators are used. And of course since the user-controlled wallet is responsible for uploading the reports, the user could simply opt out of telemetry altogether.</p>
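<p>The share-splitting step described above, as an added example (not code from Janus, Divvi Up, or the DAP specification). It shows only the additive secret sharing of a wallet's histogram between two aggregators; real DAP reports also carry validity proofs and are encrypted to each aggregator, which is omitted here. The bucket layout, relying party names, modulus, and minimum batch size are constructed for illustration.</p>

```python
import secrets

# Constructed modulus (the Mersenne prime 2^61 - 1); not the field DAP uses.
MODULUS = 2**61 - 1

# Hypothetical bucket layout: one counter per (relying party, attribute) pair.
BUCKETS = [
    ("shop.example", "age_over_18"),
    ("shop.example", "home_address"),
    ("transit.example", "age_over_18"),
    ("transit.example", "birthdate"),
]
BUCKET_INDEX = {bucket: i for i, bucket in enumerate(BUCKETS)}


def build_histogram(query_log):
    """Count how often each relying party asked this wallet for each attribute."""
    counts = [0] * len(BUCKETS)
    for relying_party, attribute in query_log:
        counts[BUCKET_INDEX[(relying_party, attribute)]] += 1
    return counts


def split(histogram):
    """Split a histogram into two additive shares.

    Each share on its own is uniformly random; only their sum modulo
    MODULUS reveals the counts.
    """
    share_a = [secrets.randbelow(MODULUS) for _ in histogram]
    share_b = [(v - a) % MODULUS for v, a in zip(histogram, share_a)]
    return share_a, share_b


class Aggregator:
    """One of two non-colluding servers. It only ever sees random-looking shares."""

    def __init__(self):
        self.total = [0] * len(BUCKETS)
        self.reports = 0

    def accept(self, share):
        self.total = [(t + s) % MODULUS for t, s in zip(self.total, share)]
        self.reports += 1

    def aggregate_share(self, min_batch):
        # Refuse to release a sum over too few wallets, so the combined
        # result never describes one identifiable user.
        if self.reports < min_batch:
            raise ValueError("batch too small to release")
        return list(self.total)


def collect(agg_share_a, agg_share_b):
    """Regulator side: combine the two aggregate shares into per-bucket totals."""
    return [(a + b) % MODULUS for a, b in zip(agg_share_a, agg_share_b)]


# Constructed query logs for three wallets.
WALLET_LOGS = [
    [("shop.example", "age_over_18"), ("shop.example", "home_address")],
    [("shop.example", "age_over_18"), ("shop.example", "home_address"),
     ("transit.example", "age_over_18")],
    [("shop.example", "home_address"), ("transit.example", "age_over_18")],
]


def run_demo(min_batch=3):
    """Upload every wallet's shares, then return {bucket: total} for the regulator."""
    agg_a, agg_b = Aggregator(), Aggregator()
    for log in WALLET_LOGS:
        share_a, share_b = split(build_histogram(log))
        agg_a.accept(share_a)
        agg_b.accept(share_b)
    totals = collect(agg_a.aggregate_share(min_batch),
                     agg_b.aggregate_share(min_batch))
    return dict(zip(BUCKETS, totals))


if __name__ == "__main__":
    for (relying_party, attribute), total in run_demo().items():
        print(f"{relying_party:16} {attribute:13} {total}")
```

<p>In the constructed data, shop.example asks for a home address more often than for the age check it needs, which is the kind of over-asking the aggregate exposes without identifying any wallet.</p>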
<p>This post is a case study in how novel cryptography, open standards and open source software can be used to build a more private Internet without compromising on utility and scalability. But these benefits do not come for free: they are more expensive to operate and great care must be taken when deploying them to ensure the promised safeguards are effective. What makes the problem of digital identity so interesting is that among the various actors involved in building the Internet, governments are uniquely well positioned to mandate safety mechanisms that otherwise would never get built. This transition is a rare opportunity to use exciting new technologies to make the Internet safer for huge numbers of people, and to raise the bar for the design of future systems. A little extraordinary ambition is called for.</p>]]></description>
        <guid isPermaLink="true">https://www.abetterinternet.org/post/digital-identity-harms-detection/</guid>
      </item><item>
        <title>Researching the Human Digital Identity Space</title>
        <link>https://www.abetterinternet.org/post/humandigitalidentityspace/</link>
        <pubDate>Tue, 29 Apr 2025 00:00:00 +0000</pubDate>
        <description><![CDATA[<p>Today we are announcing an effort that will allow ISRG to learn about systems for human digital identity. We're partnering with the <a href="https://www.siros.org/">SIROS Foundation</a> for this exploration, and our work has been generously funded by Stina Ehrensvärd, founder of SIROS Foundation and co-founder of Yubico.</p>
<p>ISRG has a wealth of experience in authenticating digital infrastructure via <a href="https://letsencrypt.org">Let's Encrypt</a>. When considering how we might leverage that experience to improve other aspects of our digital lives, we started thinking about various efforts around the world to manage digital identity for humans and whether or not we might be able to help. There's a lot of potential for such systems to make things better and/or easier, but there is also the potential for policy and technology decisions to be harmful. This space presents a potential opportunity for us to further pursue our mission to lower monetary, technological, and informational barriers to a more secure and privacy-respecting Internet.</p>
<p>There are several efforts in the digital identity space to create more robust and privacy-preserving identity options for users. These efforts include mobile drivers' licenses in several U.S. states, Web APIs for managing digital credentials, and efforts under EU laws that encourage the creation of interoperable digital identity across the EU. By engaging in this exploration we hope to build a deeper understanding of potential user identity ecosystems so that we can figure out if there might be a helpful role for ISRG to play in the future, in the U.S. or elsewhere.</p>
<p>ISRG will be participating in research and development for the PKI back-end of SIROS's EU digital identity efforts. Partners include Stina Ehrensvärd, Yubico, and the Swedish and Greek university network organizations. A goal of the SIROS Foundation is to create an EU digital identity system that works for the public's benefit and acts with privacy and security as cornerstone priorities. What happens with digital identity in Europe over the next few years will heavily influence the choices made in the rest of the world, including the United States, so now is the time for us to start learning and helping to push things in the best possible direction.</p>
<p>We expect our effort to last approximately one year. We will not be operating any production infrastructure as part of this collaboration. Any software we produce will be open-sourced for others to learn from and/or use.</p>]]></description>
        <guid isPermaLink="true">https://www.abetterinternet.org/post/humandigitalidentityspace/</guid>
      </item><item>
        <title>Ten Years of Let&#39;s Encrypt: Announcing support from Jeff Atwood</title>
        <link>https://www.abetterinternet.org/post/community-of-funders/</link>
        <pubDate>Tue, 18 Mar 2025 00:00:00 +0000</pubDate>
        <description><![CDATA[<p>As we touched on in our <a href="https://letsencrypt.org/2025/02/14/encryption-for-everybody/">first blog post</a> highlighting ten years of Let's Encrypt, just as remarkable to us as the technical innovations behind proliferating TLS at scale is the sustained generosity we have benefited from throughout our first decade.</p>
<p>With that sense of gratitude top of mind, we are proud to announce a contribution of $1,000,000 from Jeff Atwood. Jeff has been a longtime supporter of our work, beginning many years ago with <a href="https://www.discourse.org/">Discourse</a> providing our community forum pro bono; something Discourse still provides to this day. As best we can tell, our forum has helped hundreds of thousands of people get up and running with Let's Encrypt, an impact that has helped billions of people use an Internet that's more secure and privacy-respecting thanks to widely adopted TLS.</p>
<p>When we first spoke with Jeff about the road ahead for Let's Encrypt back in 2023, we knew a few things wouldn't change no matter how the Internet changes over the next decade:</p>
<ol>
<li>Free TLS is the only way to ensure it is and remains accessible to as many people as possible.</li>
<li>Let's Encrypt is here to provide a reliable, trusted, and sound service no matter the scale.</li>
<li>Generosity from our global community of supporters will be how we sustain our work.</li>
</ol>
<p>We're proud that Jeff not only agrees, but has chosen to support us in such a meaningful way. In discussing how Jeff might want us to best celebrate his generosity and recognize his commitment to our work, he shared:</p>
<div class="pull-quote">
  <blockquote class="blockquote">
    <span class="quote"></span>
    <div class="quote-text">
      <p class="quote-text-value">Let's Encrypt is a golden example of how creating inalienable good is possible with the right approach and the right values. And while I'm excited about the work Let's Encrypt has done, I am eager to see their work continue to keep up with the growing Web; to sustain encryption for everybody at Internet scale. To do so is going to take more than me&mdash;it's going to take a community of people committed to this work. I am confident Let's Encrypt is a project that deserves all of our support, in ways both large and small.</p>
    </div>
  </blockquote>
</div>
<p>Indeed, this contribution is significant because of its scale, but more importantly because of its signal: a signal that supporting the not-so-glamorous but oh-so-nerdy work of encryption at scale matters to the lives of billions of people every day; a signal that supporting free privacy and security afforded by TLS for all of the Internet's five billion users just makes sense.</p>
<p>Ten years ago we set out to build a better Internet through easy to use TLS. If you or your organization have supported us throughout the years, thank you for joining Jeff in believing in the work of Let's Encrypt. For a deeper dive into the impact of Let's Encrypt and ISRG's other projects, take a look at our <a href="https://www.abetterinternet.org/documents/2024-ISRG-Annual-Report.pdf">most recent annual report</a>.</p>
<p><em>Let's Encrypt is a project of the nonprofit Internet Security Research Group, a 501(c)(3) nonprofit committed to protecting Internet users by lowering monetary, technological, and informational barriers to a more secure and privacy-respecting Internet. For more, visit <a href="https://abetterinternet.org">abetterinternet.org</a>. Press inquiries can be sent to <a href="mailto:press@abetterinternet.org">press@abetterinternet.org</a></em></p>]]></description>
        <guid isPermaLink="true">https://www.abetterinternet.org/post/community-of-funders/</guid>
      </item><item>
        <title>How Prossimo&#39;s Risk and Opportunity Criteria Help Us Plan</title>
        <link>https://www.abetterinternet.org/post/prossimo-criteria/</link>
        <pubDate>Tue, 04 Mar 2025 00:00:00 +0000</pubDate>
        <description><![CDATA[<div class="card border-0 pic-quote-right">
    <img alt="Prossimo logo " class="mx-auto img-fluid" src="/images/tenth-anniversary/prossimo-logo.png" style="max-width: 200px; margin-bottom: 20px;" />
</div>
<p>Prossimo's primary goal is to move the Internet's most security-sensitive software infrastructure to <a href="https://www.memorysafety.org/docs/memory-safety/">memory safe</a> code. Many of the most critical software vulnerabilities are memory safety issues in C and C++ code, and while there are ways to reduce the risk, including fuzzing and static analysis, memory safety vulnerabilities continue to plague the Internet.</p>
<p>The good news is that with the rare exception of code that must be written in assembly for performance and/or security reasons (e.g. cryptographic routines), we know how to get rid of memory safety vulnerabilities entirely: write code in languages that don't allow for those kinds of mistakes. It's a more or less solved research problem, and as such we don't need to suffer from this kind of thing any more. It can be relegated to the past like smallpox; we just have to do the work.</p>
<p>We recognize that it will be a lot of work to move significant portions of the Internet's C and C++ software infrastructure to memory safe code, but the Internet will be around for a long time. There is time for ambitious efforts to pay off. The relevant stakeholders certainly have the resources to do this for the most critical software out there. By being smart about our initial investments and focusing on the most critical components, we can start seeing significant returns within a few years.</p>
<p>We don't do our work alone. We get advice from community members, and most of the work we facilitate is done by open source maintainers and contractors. Our role is to provide strategic planning, facilitation, and communication. We identify high impact projects, build and maintain relationships with open source maintainers and funders, help develop plans, coordinate the work, and communicate information about the work to the public and our partners.</p>
<p>In order to achieve the positive impact we're aiming for, the first thing we need to do is identify work that is both high impact and efficiently achievable. We do this at Prossimo with two different sets of criteria. It's important to note that our criteria are just one way of approaching this kind of work - other people and organisations might have different criteria that work well for them. This is not a situation in which there is a single correct way of looking at things.</p>
<h2 id="risk-criteria">Risk Criteria</h2>
<p>The first set of criteria are our risk criteria. These inform us about the level of risk that a software component represents. These are not the only things we consider, but we're trying to keep it somewhat simple conceptually and these things are at the top of our list.</p>
<ol>
<li>Very widely used (nearly every server and/or client)</li>
<li>On a security boundary (e.g. network boundary, privilege boundary)</li>
<li>Performing a critical function</li>
</ol>
<p>The first criterion here, widespread use, addresses a single but important aspect of determining the severity of a vulnerability. When something is widely used, there is more surface area across the Internet for attackers to choose from and more systems to exploit.</p>
<p>The second criterion, on a security boundary, relates to the fact that usually an attacker is trying to get from one position to another and must cross a boundary to get there. The closer software is to receiving data from untrusted networks like the Internet, the easier it is to exploit and, typically, the more value there is in exploitation. Privilege boundaries are often hard to exploit in terms of opportunity, but the consequences of exploitation can be more devastating. An example might be a vulnerability in a utility like <code>sudo</code>, and it's why we invested in a <a href="https://github.com/trifectatechfoundation/sudo-rs">memory safe implementation of sudo</a>.</p>
<p>The third criterion is another one focused on severity. Exploits in software performing critical functions are usually (though not always) more negatively impactful than exploits in software performing less important functions.</p>
<p>It's important to note that our criteria differ from approaches based primarily on historical analysis of where we've already seen concentrations of memory safety vulnerabilities. Prioritizing work based on historical vulnerability analysis is important - we need to address known problems in the software we depend on! However, this work already gets a lot of attention, it's almost purely reactive, and it often gives too much weight to volume over severity. We think Prossimo has the most to offer by looking ahead a bit and working on some of the more difficult investments in memory safety that we ought to be making.</p>
<p>To boil all of this down to a single sentence... Widely used software performing critical functions on network boundaries is, in our opinion, a set of software with a lot of opportunity for high impact vulnerabilities.</p>
<p>To give a specific example of the kind of thing we are trying to avoid in the future: <a href="https://heartbleed.com/">Heartbleed</a>. It matches these criteria almost perfectly. People had every reason to believe that OpenSSL was dangerously vulnerable prior to Heartbleed, but only after this momentous vulnerability did the relevant stakeholders engage in a campaign to shore things up (still, a decade later, OpenSSL has suffered <a href="https://openssl-library.org/news/vulnerabilities/index.html">five more memory safety vulnerabilities</a> in the past year alone). That campaign was important - OpenSSL's security properties needed to be improved - but going forward we can and should just prevent that kind of thing from happening in the first place.</p>
<h2 id="opportunity-criteria">Opportunity Criteria</h2>
<p>Our second set of criteria helps us understand where we have the most opportunity to make a difference. Just because something is high risk doesn't mean we have the ability to do something about it with the kind of efficient investments we're able to make.</p>
<ol>
<li>Is this a library or component that can be used in many different projects?</li>
<li>Can we efficiently replace key components with existing memory safe libraries?</li>
<li>Are funders willing to fund the work?</li>
<li>Are the maintainers on board and cooperative?</li>
<li>Are we aware of likely significant adopters?</li>
</ol>
<p>The first criterion here raises the question of whether we would be able to apply the results of an investment to many different projects. An example would be a TLS library like <a href="https://www.memorysafety.org/initiative/rustls/">Rustls</a> that can be &quot;plugged in&quot; to many different applications.</p>
<p>The second criterion sort of reverses the question raised by the first - is this a piece of software in which we can simply replace certain critical components with memory safe ones? In other words, can we take a modular approach to this and take advantage of existing memory safe libraries?</p>
<p>The third criterion probably needs the least explanation - is anyone willing to pay for the work? We <a href="https://www.memorysafety.org/become-a-funder/">seek funding</a> from companies who understand the urgency to move toward a memory safe software stack and visionary funders like Craig Newmark who seek a positive societal impact.</p>
<p>The fourth criterion refers to the fact that it's very difficult to modify existing software if the maintainers are not on board and cooperative. If they are not, we either can't do our work or we would need to engage in a much more costly rewrite. Sometimes a rewrite is the right thing to do, but it's definitely something to consider up front.</p>
<p>The fifth criterion has to do with how quickly we think something might get adopted. Adoption is hard for most new software, and it's particularly difficult when we're talking about making changes in low-level Internet infrastructure software. We're prepared to deal with long adoption timelines, and most of what we do will take years to get strong adoption, but if we have a chance to get an accelerated timeline, that's something worth considering.</p>
<h2 id="conclusion">Conclusion</h2>
<p>These criteria really get to the heart of what we're trying to do with Prossimo. Hopefully this post has helped you understand them more clearly.</p>
<p>We've helped to build some great software, like the <a href="https://github.com/rustls/rustls/">Rustls TLS library</a>, <a href="https://github.com/hickory-dns/hickory-dns">Hickory DNS</a>, <a href="https://github.com/pendulum-project/ntpd-rs">a memory safe NTP implementation</a>, and a <a href="https://github.com/trifectatechfoundation/sudo-rs">memory safe implementation of sudo</a>. If you run software like this, we encourage you to try these implementations out.</p>
<p>If you're interested in updates on our memory safety work, please subscribe to the mailing list below.</p>]]></description>
        <guid isPermaLink="true">https://www.abetterinternet.org/post/prossimo-criteria/</guid>
      </item><item>
        <title>We Issued Our First Six Day Cert</title>
        <link>https://www.abetterinternet.org/post/first-short-lived-cert-issued/</link>
        <pubDate>Thu, 20 Feb 2025 00:00:00 +0000</pubDate>
        <description><![CDATA[<p>Earlier this year we <a href="https://letsencrypt.org/2025/01/16/6-day-and-ip-certs/">announced</a> our intention to introduce short-lived certificates with lifetimes of six days as an option for our subscribers. Yesterday we issued our first short-lived certificate. You can see the certificate at the bottom of our post, or <a href="https://search.censys.io/certificates/8265479af7bb04b347260a54db915fb294ebaacd79cdb43d86d27336b690ad26">here</a> thanks to Certificate Transparency logs. We issued it to ourselves and then immediately revoked it so we can observe the certificate's whole lifecycle. This is the first step towards making shorter-lived certificates available to all subscribers.</p>
<p>The next step is for us to make short-lived certificates available to a small set of our subscribers so we can make sure our systems scale as expected prior to general availability. We expect this next phase to begin during Q2 of this year.</p>
<p>We expect short-lived certificates to be generally available by the end of this year.</p>
<h2 id="how-to-get-six-day-certificates">How To Get Six-Day Certificates</h2>
<p>Once short-lived certificates are an option for you, you'll need to use an ACME client that supports ACME <a href="https://letsencrypt.org/docs/profiles/">certificate profiles</a> and select the short-lived certificate profile (&quot;shortlived&quot;). The <code>lego</code> client recently <a href="https://github.com/go-acme/lego/releases/tag/v4.22.0">added</a> this functionality.</p>
<p>In the meantime, the best way to prepare to take advantage of short-lived certificates is to make sure your ACME client is reliably renewing certificates in an automated fashion. If that's working well then there should be no costs to switching to short-lived certificates.</p>
<p>You'll also want to be sure your ACME client is running frequently - both for the sake of renewing short-lived certificates and so as to take advantage of <a href="https://letsencrypt.org/2023/03/23/improving-resliiency-and-reliability-with-ari/">ACME Renewal Information (ARI)</a>. ARI allows Let's Encrypt to notify your client if it should renew early for some reason. ARI checks should happen at least once per day, and short-lived certificates should be renewed every two to three days, so we recommend having your client run at least once per day.</p>
<h2 id="shorter-certificate-lifetimes-are-good-for-security">Shorter Certificate Lifetimes Are Good for Security</h2>
<p>When the private key associated with a certificate is compromised, the recommendation has always been to have the certificate revoked so that people will know not to use it. Unfortunately, certificate revocation doesn't work very well. This means that certificates with compromised keys (or other issues) may continue to be used until they expire. The longer the lifetime of the certificate, the longer the potential for use of a problematic certificate.</p>
<p>The primary advantage of short-lived certificates is that they greatly reduce the potential compromise window because they expire relatively quickly. This reduces the need for certificate revocation, which has historically been unreliable. Our six-day certificates will not include OCSP or CRL URLs. Additionally, short-lived certificates practically require automation, and we believe that automating certificate issuance is important for security.</p>
<h2 id="questions">Questions</h2>
<p>If you have questions or comments about our plans, feel free to let us know on our <a href="https://community.letsencrypt.org/">community forums</a>.</p>
<p>We'd like to thank <a href="https://www.opentech.fund/">Open Technology Fund</a> for supporting this work.</p>
<h2 id="our-first-6-day-certificate">Our First 6-Day Certificate</h2>
<p>PEM format:</p>
<pre tabindex="0"><code>-----BEGIN CERTIFICATE-----
MIIDSzCCAtGgAwIBAgISA7CwFcGk4mQWEXMacRtxHeDvMAoGCCqGSM49BAMDMDIx
CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF
NjAeFw0yNTAyMTkxNzMwMDFaFw0yNTAyMjYwOTMwMDBaMAAwWTATBgcqhkjOPQIB
BggqhkjOPQMBBwNCAAQoSItt2V1aocI5dxrKR8iLfmm0KiVvOhiwKByzu2kLeC7C
0BdfAgtwdICdkuEhAXokhXLq6DNZZgmh5T4flVwZo4IB9zCCAfMwDgYDVR0PAQH/
BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAwHwYDVR0j
BBgwFoAUkydGmAOpUWiOmNbEQkjbI79YlNIwVQYIKwYBBQUHAQEESTBHMCEGCCsG
AQUFBzABhhVodHRwOi8vZTYuby5sZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6
Ly9lNi5pLmxlbmNyLm9yZy8wKAYDVR0RAQH/BB4wHIIaaGVsbG93b3JsZC5sZXRz
ZW5jcnlwdC5vcmcwEwYDVR0gBAwwCjAIBgZngQwBAgEwggEFBgorBgEEAdZ5AgQC
BIH2BIHzAPEAdgDM+w9qhXEJZf6Vm1PO6bJ8IumFXA2XjbapflTA/kwNsAAAAZUf
d/zOAAAEAwBHMEUCIFNd51TfSNiJrO+294t49C5ANc4oC7gTUzf7xnlNlhKsAiEA
wi5hfiC9SsKLxlTQ0sctUxhLmdYh40r6ECWQS/yWw2AAdwDgkrP8DB3I52g2H95h
uZZNClJ4GYpy1nLEsE2lbW9UBAAAAZUfd/0TAAAEAwBIMEYCIQCs2NuZIUIloOaH
1t9eXDKb8bjoWESBPsK4i2BxMvEIswIhAOMNaQNyr1YkzrcNUz15qGV0oVLg5BJN
+ikWxXOdcRHFMAoGCCqGSM49BAMDA2gAMGUCMDANqy7G09AIwzXcd7SNl7uFwhC+
xlfduvp1PeEDHc/FA9K3mRYkGXuKtzNdOh7wcAIxALjEMDmBQiwXbB447oGkaZAe
0rqxA3EtNV5wj0obeObluj/NgUsVEG9OqiBIoggFRw==
-----END CERTIFICATE-----
</code></pre><p><code>openssl x509 -text</code> output:</p>
<pre tabindex="0"><code>Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:b0:b0:15:c1:a4:e2:64:16:11:73:1a:71:1b:71:1d:e0:ef
        Signature Algorithm: ecdsa-with-SHA384
        Issuer: C=US, O=Let&#39;s Encrypt, CN=E6
        Validity
            Not Before: Feb 19 17:30:01 2025 GMT
            Not After : Feb 26 09:30:00 2025 GMT
        Subject:
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub:
                    04:28:48:8b:6d:d9:5d:5a:a1:c2:39:77:1a:ca:47:
                    c8:8b:7e:69:b4:2a:25:6f:3a:18:b0:28:1c:b3:bb:
                    69:0b:78:2e:c2:d0:17:5f:02:0b:70:74:80:9d:92:
                    e1:21:01:7a:24:85:72:ea:e8:33:59:66:09:a1:e5:
                    3e:1f:95:5c:19
                ASN1 OID: prime256v1
                NIST CURVE: P-256
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Extended Key Usage:
                TLS Web Server Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Authority Key Identifier:
                93:27:46:98:03:A9:51:68:8E:98:D6:C4:42:48:DB:23:BF:58:94:D2
            Authority Information Access:
                OCSP - URI:http://e6.o.lencr.org
                CA Issuers - URI:http://e6.i.lencr.org/
            X509v3 Subject Alternative Name: critical
                DNS:helloworld.letsencrypt.org
            X509v3 Certificate Policies:
                Policy: 2.23.140.1.2.1
            CT Precertificate SCTs:
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : CC:FB:0F:6A:85:71:09:65:FE:95:9B:53:CE:E9:B2:7C:
                                22:E9:85:5C:0D:97:8D:B6:A9:7E:54:C0:FE:4C:0D:B0
                    Timestamp : Feb 19 18:28:32.078 2025 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:20:53:5D:E7:54:DF:48:D8:89:AC:EF:B6:F7:
                                8B:78:F4:2E:40:35:CE:28:0B:B8:13:53:37:FB:C6:79:
                                4D:96:12:AC:02:21:00:C2:2E:61:7E:20:BD:4A:C2:8B:
                                C6:54:D0:D2:C7:2D:53:18:4B:99:D6:21:E3:4A:FA:10:
                                25:90:4B:FC:96:C3:60
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : E0:92:B3:FC:0C:1D:C8:E7:68:36:1F:DE:61:B9:96:4D:
                                0A:52:78:19:8A:72:D6:72:C4:B0:4D:A5:6D:6F:54:04
                    Timestamp : Feb 19 18:28:32.147 2025 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:46:02:21:00:AC:D8:DB:99:21:42:25:A0:E6:87:D6:
                                DF:5E:5C:32:9B:F1:B8:E8:58:44:81:3E:C2:B8:8B:60:
                                71:32:F1:08:B3:02:21:00:E3:0D:69:03:72:AF:56:24:
                                CE:B7:0D:53:3D:79:A8:65:74:A1:52:E0:E4:12:4D:FA:
                                29:16:C5:73:9D:71:11:C5
    Signature Algorithm: ecdsa-with-SHA384
    Signature Value:
        30:65:02:30:30:0d:ab:2e:c6:d3:d0:08:c3:35:dc:77:b4:8d:
        97:bb:85:c2:10:be:c6:57:dd:ba:fa:75:3d:e1:03:1d:cf:c5:
        03:d2:b7:99:16:24:19:7b:8a:b7:33:5d:3a:1e:f0:70:02:31:
        00:b8:c4:30:39:81:42:2c:17:6c:1e:38:ee:81:a4:69:90:1e:
        d2:ba:b1:03:71:2d:35:5e:70:8f:4a:1b:78:e6:e5:ba:3f:cd:
        81:4b:15:10:6f:4e:aa:20:48:a2:08:05:47
</code></pre>]]></description>
        <guid isPermaLink="true">https://www.abetterinternet.org/post/first-short-lived-cert-issued/</guid>
      </item><item>
        <title>Encryption for Everybody</title>
        <link>https://www.abetterinternet.org/post/encryption-for-everybody/</link>
        <pubDate>Fri, 14 Feb 2025 00:00:00 +0000</pubDate>
        <description><![CDATA[<div class="card border-0 pic-quote-right">
    <img alt="Let's Encrypt 10th Anniversary logo " class="mx-auto img-fluid" src="/images/blog/10A-Logo.png" style="max-width: 200px; margin-bottom: 20px;" />
</div>
<p>2025 marks ten years of Let's Encrypt. Already this year we've taken steps to continue to deliver on our values of <a href="https://letsencrypt.org/2025/01/22/ending-expiration-emails/">user privacy</a>, <a href="https://letsencrypt.org/2025/01/30/scaling-rate-limits/">efficiency</a>, and <a href="https://letsencrypt.org/2025/01/09/acme-profiles/">innovation</a>, all with the intent of continuing to deliver free TLS certificates to as many people as possible; to deliver encryption for everybody.</p>
<p>And while we're excited about the technical progress we'll make this year, we're also going to celebrate this <a href="https://letsencrypt.org/2015/09/14/our-first-cert/">tenth anniversary</a> by highlighting the people around the world who make our impact possible. It's no small village.</p>
<p>From a <a href="https://letsencrypt.org/2015/08/13/lets-encrypt-community-support/">community forum</a> that has provided free technical support, to our roster of <a href="https://letsencrypt.org/sponsors/">sponsors</a> who provide vital funding, to the thousands of individual supporters who contribute financially to Let's Encrypt each year, free TLS at Internet scale works because people have supported it year in, year out, for ten years.</p>
<p>Each month we'll highlight a different set of people behind our &quot;everybody.&quot; Who do you want to see us highlight? What use cases of Let's Encrypt have you seen that amazed you? What about our work do you hope we'll continue or improve as we go forward? Let us know on <a href="https://www.linkedin.com/company/lets-encrypt">LinkedIn</a>, or drop a note to <a href="mailto:outreach@letsencrypt.org">outreach@letsencrypt.org</a>.</p>
<p><em>Encryption for Everybody</em> is our unofficial tagline for this tenth anniversary year. What we love about it is that, yes, it captures our commitment to ensuring anyone around the world can easily get a cert for free. But more importantly, it captures the reality that technical innovation won't work without people believing in it and supporting it. We're grateful that, for ten years (and counting!), our community of supporters has made an impact on the lives of billions of Internet users - an impact that's made the Web more secure and privacy respecting for everybody, everywhere.</p>
<p><a href="https://abetterinternet.org/">Internet Security Research Group (ISRG)</a> is the parent organization of <a href="https://letsencrypt.org/">Let's Encrypt</a>, <a href="https://memorysafety.org/">Prossimo</a>, and <a href="https://divviup.org/">Divvi Up</a>. ISRG is a 501(c)(3) nonprofit. If you'd like to support our work, please consider <a href="https://www.abetterinternet.org/getinvolved/">getting involved</a>, <a href="https://www.abetterinternet.org/donate/">donating</a>, or encouraging your company to <a href="https://www.abetterinternet.org/sponsor/">become a sponsor</a>.</p>]]></description>
        <guid isPermaLink="true">https://www.abetterinternet.org/post/encryption-for-everybody/</guid>
      </item><item>
        <title>A Note from our Executive Director</title>
        <link>https://www.abetterinternet.org/post/eoy-letter-2024/</link>
        <pubDate>Wed, 11 Dec 2024 00:00:00 +0000</pubDate>
        <description><![CDATA[<div class="card border-0 pic-quote-right">
    <img alt="Josh Aas" class="mx-auto img-fluid" src="/images/blog/Josh-Aas-Headshot.jpg" />
</div>
<p><em>This letter was originally published in our <a href="/documents/2024-ISRG-Annual-Report.pdf">2024 Annual Report</a>.</em></p>
<p>The past year at ISRG has been a great one and I couldn’t be more proud of our staff,
community, funders, and other partners that made it happen. Let’s Encrypt continues to
thrive, serving more websites around the world than ever before with excellent security
and stability. Our understanding of what it will take to make more privacy-preserving
metrics more mainstream via our Divvi Up project is evolving in important ways.</p>
<p>Prossimo has made important investments in making software critical infrastructure safer, from TLS and DNS to the Linux kernel.</p>
<p>Next year is the 10th anniversary of the launch of Let’s Encrypt. Internally things have changed dramatically from what they looked like ten years ago, but outwardly our service hasn’t changed much since launch. That’s because the vision we had for how best to do our job remains as powerful today as it ever was: free 90-day TLS certificates via an automated API. Pretty much as many as you need. More than 500,000,000 websites benefit from this offering today, and the vast majority of the web is encrypted.</p>
<p>Our longstanding offering won’t fundamentally change next year, but we are going to introduce a new offering that’s a big shift from anything we’ve done before - short-lived certificates. Specifically, certificates with a lifetime of six days. This is a big upgrade for the security of the TLS ecosystem because it minimizes exposure time during a key compromise event.</p>
<p>Because we’ve done so much to encourage automation over the past decade, most of our subscribers aren’t going to have to do much in order to switch to shorter lived certificates. We, on the other hand, are going to have to think about the possibility that we will need to issue 20x as many certificates as we do now. It’s not inconceivable that at some point in our next decade we may need to be prepared to issue 100,000,000 certificates per day.</p>
<p>That sounds sort of nuts to me today, but issuing 5,000,000 certificates per day
would have sounded crazy to me ten years ago. Here’s the thing though, and this is
what I love about the combination of our staff, partners, and funders - whatever it
is we need to do to doggedly pursue our mission, we’re going to get it done. It was
hard to build Let’s Encrypt. It was difficult to scale it to serve half a billion websites. Getting our Divvi Up service up and running from scratch in three months to service exposure notification applications was not easy. Our Prossimo project was a primary contributor to the creation of a TLS library that provides memory safety while outperforming its peers - a heavy lift.</p>
<p>Charitable contributions from people like you and organizations around the world
make this stuff possible. Since 2015, tens of thousands of people have donated.
They’ve made a case for corporate sponsorship, given through their DAFs, or set up
recurring donations, sometimes to give $3 a month. That’s all added up to millions
of dollars that we’ve used to change the Internet for nearly everyone using it. I hope
you’ll join these people and help lay the foundation for another great decade.</p>
<p><strong>Josh Aas</strong><br  />
<em>Executive Director</em></p>]]></description>
        <guid isPermaLink="true">https://www.abetterinternet.org/post/eoy-letter-2024/</guid>
      </item><item>
        <title>Ending OCSP Support in 2025</title>
        <link>https://www.abetterinternet.org/post/ending-ocsp/</link>
        <pubDate>Thu, 05 Dec 2024 00:00:00 +0000</pubDate>
        <description><![CDATA[<p>Earlier this year we <a href="https://letsencrypt.org/2024/07/23/replacing-ocsp-with-crls/">announced</a> our intent to provide certificate revocation information exclusively via <a href="https://letsencrypt.org/2022/09/07/new-life-for-crls">Certificate Revocation Lists (CRLs)</a>, ending support for providing certificate revocation information via the <a href="https://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol">Online Certificate Status Protocol (OCSP)</a>. Today we are providing a timeline for ending OCSP services:</p>
<ul>
<li>January 30, 2025
<ul>
<li>OCSP Must-Staple requests will fail, unless the requesting account has previously issued a certificate containing the OCSP Must Staple extension</li>
</ul>
</li>
<li>May 7, 2025
<ul>
<li>Prior to this date we will have added CRL URLs to certificates</li>
<li>On this date we will drop OCSP URLs from certificates</li>
<li>On this date all requests including the OCSP Must Staple extension will fail</li>
</ul>
</li>
<li>August 6, 2025
<ul>
<li>On this date we will turn off our OCSP responders</li>
</ul>
</li>
</ul>
<p>Additionally, a very small percentage of our subscribers request certificates with the OCSP Must Staple Extension. If you have manually configured your ACME client to request that extension, action is required before May 7. See &quot;Must Staple&quot; below for details.</p>
<p>OCSP and CRLs are both mechanisms by which CAs can communicate certificate revocation information, but CRLs have significant advantages over OCSP. Let's Encrypt has been providing an OCSP responder since our launch nearly ten years ago. We added support for CRLs in 2022.</p>
<p>Websites and people who visit them will not be affected by this change, but some non-browser software might be.</p>
<p>We plan to end support for OCSP primarily because it represents a considerable risk to privacy on the Internet. When someone visits a website using a browser or other software that checks for certificate revocation via OCSP, the Certificate Authority (CA) operating the OCSP responder immediately becomes aware of which website is being visited from that visitor's particular IP address. Even when a CA intentionally does not retain this information, as is the case with Let's Encrypt, CAs could be legally compelled to collect it. CRLs do not have this issue.</p>
<p>We are also taking this step because keeping our CA infrastructure as simple as possible is critical for the continuity of compliance, reliability, and efficiency at Let's Encrypt. For every year that we have existed, operating OCSP services has taken up considerable resources that can soon be better spent on other aspects of our operations. Now that we support CRLs, our OCSP service has become unnecessary.</p>
<p>We recommend that anyone relying on OCSP services today start the process of ending that reliance as soon as possible. If you use Let's Encrypt certificates to secure non-browser communications such as a VPN, you should ensure that your software operates correctly if certificates contain no OCSP URL.</p>
<h2 id="must-staple">Must Staple</h2>
<p>Because of the privacy issues with OCSP, browsers and servers implement a feature called &quot;OCSP Stapling&quot;, where the web server sends a copy of the appropriate OCSP response during the TLS handshake, and the browser skips making a request to the CA, thus better preserving privacy.</p>
<p>In addition to OCSP Stapling (a TLS feature negotiated at handshake time), there's an extension that can be added to certificates at issuance time, colloquially called &quot;OCSP Must Staple.&quot; This tells browsers that, if they see that extension in a certificate, they should never contact the CA about it and should instead expect to see a stapled copy in the handshake. Failing that, browsers should refuse to connect. This was designed to solve some security problems with revocation.</p>
<p>Let's Encrypt has supported OCSP Must Staple for a long time, because of the potential to improve both privacy and security. However, Must Staple has failed to get wide browser support after many years. And popular web servers still implement OCSP Stapling in ways that create serious risks of downtime.</p>
<p>As part of removing OCSP, we'll also be removing support for OCSP Must Staple. CRLs have wide browser support and can provide privacy benefits to all sites, without requiring special web server configuration. Thanks to all our subscribers who have helped with the OCSP Must Staple experiment.</p>
<p>If you are not certain whether you are using OCSP Must Staple, you can check <a href="https://letsencrypt.org/downloads/must-staple-certificates-2024-09-05-to-2024-12-05.csv.zip">this list of hostnames and certificate serials (11.1 MB, .zip)</a>.</p>
<p>As of January 30, 2025, issuance requests that include the OCSP Must Staple extension will fail, unless the requesting account has previously issued a certificate containing the OCSP Must Staple extension.</p>
<p>As of May 7, all issuance requests that include the OCSP Must Staple extension will fail, including renewals. Please change your ACME client configuration to not request the extension.</p>]]></description>
        <guid isPermaLink="true">https://www.abetterinternet.org/post/ending-ocsp/</guid>
      </item><item>
        <title>Intent to End OCSP Service</title>
        <link>https://www.abetterinternet.org/post/replacing-ocsp-with-crls/</link>
        <pubDate>Tue, 23 Jul 2024 00:00:00 +0000</pubDate>
        <description><![CDATA[<p>Today we are announcing our intent to end <a href="https://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol">Online Certificate Status Protocol (OCSP)</a> support in favor of <a href="https://letsencrypt.org/2022/09/07/new-life-for-crls">Certificate Revocation Lists (CRLs)</a> as soon as possible. OCSP and CRLs are both mechanisms by which CAs can communicate certificate revocation information, but CRLs have significant advantages over OCSP. Let's Encrypt has been providing an OCSP responder since our launch nearly ten years ago. We added support for CRLs in 2022.</p>
<p>Websites and people who visit them will not be affected by this change, but some non-browser software might be.</p>
<p>We plan to end support for OCSP primarily because it represents a considerable risk to privacy on the Internet. When someone visits a website using a browser or other software that checks for certificate revocation via OCSP, the Certificate Authority (CA) operating the OCSP responder immediately becomes aware of which website is being visited from that visitor's particular IP address. Even when a CA intentionally does not retain this information, as is the case with Let's Encrypt, CAs could be legally compelled to collect it. CRLs do not have this issue.</p>
<p>We are also taking this step because keeping our CA infrastructure as simple as possible is critical for the continuity of compliance, reliability, and efficiency at Let's Encrypt. For every year that we have existed, operating OCSP services has taken up considerable resources that can soon be better spent on other aspects of our operations. Now that we support CRLs, our OCSP service has become unnecessary.</p>
<p>In August of 2023 the <a href="https://cabforum.org/">CA/Browser Forum</a> passed <a href="https://lists.cabforum.org/pipermail/servercert-wg/2023-September/003998.html">a ballot</a> to make providing OCSP services optional for publicly trusted CAs like Let's Encrypt. With one exception, Microsoft, the root programs themselves no longer require OCSP. As soon as the <a href="https://learn.microsoft.com/en-us/security/trusted-root/program-requirements">Microsoft Root Program</a> also makes OCSP optional, which we are optimistic will happen within the next six to twelve months, Let's Encrypt intends to announce a specific and rapid timeline for shutting down our OCSP services. We hope to serve our last OCSP response between three and six months after that announcement. The best way to stay apprised of updates on these plans is to <a href="https://community.letsencrypt.org/c/api-announcements/18">subscribe to our API Announcements</a> category on Discourse.</p>
<p>We recommend that anyone relying on OCSP services today start the process of ending that reliance as soon as possible. If you use Let's Encrypt certificates to secure non-browser communications such as a VPN, you should ensure that your software operates correctly if certificates contain no OCSP URL. Fortunately, most OCSP implementations &quot;fail open&quot; which means that an inability to fetch an OCSP response will not break the system.</p>
<p><em><a href="https://abetterinternet.org/">Internet Security Research Group (ISRG)</a> is the parent organization of <a href="http://letsencrypt.org/">Let's Encrypt</a>, <a href="http://memorysafety.org/">Prossimo</a>, and <a href="http://divviup.org/">Divvi Up</a>. ISRG is a 501(c)(3) nonprofit. If you'd like to support our work, please consider <a href="https://www.abetterinternet.org/getinvolved/">getting involved</a>, <a href="https://www.abetterinternet.org/donate/">donating</a>, or encouraging your company to <a href="https://www.abetterinternet.org/sponsor/">become a sponsor</a>.</em></p>]]></description>
        <guid isPermaLink="true">https://www.abetterinternet.org/post/replacing-ocsp-with-crls/</guid>
      </item><item>
        <title>Kristin Berdan joins ISRG as new General Counsel</title>
        <link>https://www.abetterinternet.org/post/introducing-general-counsel/</link>
        <pubDate>Thu, 16 May 2024 00:00:00 +0000</pubDate>
        <description><![CDATA[<div class="card border-0 pic-quote-right">
    <img alt="Kristin Berdan headshot" class="rounded mx-auto img-fluid" src="/images/blog/Kristin-Berdan-headshot.jpeg" />
</div>
<p>We are thrilled to announce that Kristin Berdan is ISRG’s new General Counsel. With her unique and varied legal career and her passion for Internet security, she is a great fit for our organization.</p>
<p>Kristin's journey through the legal profession has been neither linear nor conventional. With an undergraduate focus on extremist politics and terrorism, she initially pursued law school to better understand the systems and institutions that such groups challenge. This led her to a deep interest in intellectual property and international law. She received her Juris Doctor from the University of California at Davis, whose proximity to Silicon Valley led Kristin to a succession of tech-related legal roles across government, academia, and private industry.</p>
<p>Reflecting on her achievements, Kristin views her career as a series of opportunities to contribute positively to the world, from supporting engineers at Lawrence Berkeley National Lab to researching digital threats at Citizen Lab and UC Berkeley, and helping build Internet infrastructure at Google.</p>
<p>When asked about her move to ISRG, Kristin shared: <em>“I knew of ISRG and Let's Encrypt through my previous work in Internet infrastructure, and when the position for General Counsel became available, I knew it was the perfect opportunity for me. ISRG’s commitment to reducing barriers for secure communication over the Internet aligns seamlessly with my career goals and personal values.”</em></p>
<p>Kristin’s excitement about her role is palpable, especially when discussing the projects that energize her: <em>“I’m always excited to learn new things about how the Internet works, and this job provides me with plenty of opportunities for that! Let’s Encrypt is fascinating as Certificate Authorities are such a core element of securing Internet communications. Divvi Up is at the frontier of a new way to collect and aggregate metrics in a privacy-preserving way. And having seen firsthand the danger that memory unsafe code poses to the global Internet, I’m happy to be part of the Prossimo work that is dedicated to promoting memory safety.”</em></p>
<p>As ISRG’s first General Counsel, Kristin is confident that her work will continue to be novel and fascinating, and beneficial to the Internet being global, free, and secure for everyone. We’re so glad to have Kristin on board!</p>]]></description>
        <guid isPermaLink="true">https://www.abetterinternet.org/post/introducing-general-counsel/</guid>
      </item><item>
        <title>White House, Craig Newmark Support Memory Safe Software</title>
        <link>https://www.abetterinternet.org/post/growing-support/</link>
        <pubDate>Tue, 12 Mar 2024 00:12:00 +0000</pubDate>
        <description><![CDATA[<div class="card border-0 pic-quote-right">
    <img alt="Logos for Craig Newmark Philanthropies and the White House" class="rounded mx-auto img-fluid" src="/images/blog/blog-white-house-craig-newmark-philanthropies.png" />
</div>
<p>Initial signs point to 2024 being a big year for memory safety and we aim to continue Prossimo's work to accelerate the momentum.</p>
<p>Last month, the White House's Office of the National Cyber Director (ONCD) issued a <a href="https://www.whitehouse.gov/oncd/briefing-room/2024/02/26/memory-safety-fact-sheet/">report</a> that strongly endorses the use of memory safe languages. We've been formally working on improving memory safety for critical Internet infrastructure for years now and are proud to be the only 501(c)(3) nonprofit referenced in this report. The report highlights a few points that are well-aligned with Prossimo's outlook:</p>
<ol>
<li>
<p>Now is the time to make memory safe choices since it effectively solves an avoidable problem,</p>
</li>
<li>
<p>There is clear evidence that switching to memory safe languages has a positive impact on digital security, and</p>
</li>
<li>
<p>Everything everywhere doesn't need to be re-written; instead take a tactical approach that prioritizes security-sensitive functions.</p>
</li>
</ol>
<p>The positive industry response to the report is encouraging as well. &quot;Memory safety vulnerabilities pose a significant security risk to software systems and are a root cause of many of the most damaging cyberattacks. To address this, we need to adopt memory safe programming languages for new applications and rewrite code using modern memory safe languages with secure development practices from the start. We're pleased to see the ONCD raise this issue because the integrity of the global software supply chain is critical for national and international security,&quot; said John Delmare, Global Cloud and Security Application Lead, Accenture.</p>
<p>We also received a vote of confidence from one of cybersecurity's most influential philanthropists: Craig Newmark. <a href="https://craignewmarkphilanthropies.org/">Craig Newmark Philanthropies</a> renewed a grant for $100,000 to support Prossimo's efforts toward better memory safety in critical open source software. Since its founding, 100% of Prossimo's funding has come from contributions, and support from industry leaders like Craig Newmark continues to sustain our momentum across a wide range of initiatives:</p>
<p><strong>Sudo/su</strong>: A trimmed down, <a href="https://www.memorysafety.org/initiative/sudo-su/">memory safe version of Sudo/su</a> is ready for use in <a href="https://bodhi.fedoraproject.org/updates/?search=sudo-rs-0.2.2">Fedora</a> and <a href="https://packages.debian.org/sid/sudo-rs#:~:text=sudo%2Drs%20is%20a%20safety,vulnerabilities%20related%20to%20memory%20management.">Debian</a>.</p>
<p><strong>Rustls</strong>: This <a href="https://www.memorysafety.org/initiative/rustls/">memory safe TLS library</a> has a strong culture and practice of benchmarking for improved performance and initial indicators show it will surpass OpenSSL on a variety of metrics this year. In addition, Rustls <a href="https://www.memorysafety.org/blog/rustls-with-aws-crypto-back-end-and-fips/">now</a> has a FIPS-certified cryptography library and <a href="https://github.com/rustls/rustls/blob/main/ROADMAP.md">will soon land</a> an OpenSSL compatibility layer, making the transition from OpenSSL seamless. The world has needed a better TLS library for a long time, and 2024 will be the year for Rustls to step up.</p>
<p><strong>Reverse Proxy</strong>: Nearly every big deployment on the Internet uses a reverse proxy and that <a href="https://www.memorysafety.org/initiative/reverse-proxy/">needs to be memory safe</a>. We are <a href="https://www.memorysafety.org/blog/introducing-river/">building</a> just that on top of Cloudflare's recently open sourced Pingora framework. It's called River and it will have many improvements including and beyond memory safety.</p>
<p><strong>AV1</strong>: Media decoders are some of the most prolific sources of memory safety vulnerabilities (see the recent <a href="https://blog.cloudflare.com/uncovering-the-hidden-webp-vulnerability-cve-2023-4863/">WebP vulnerability</a>). We're working to create a suite of media decoders and compression libraries that are safer without sacrificing performance, which is critical for adoption. We're currently developing a safer <a href="https://www.memorysafety.org/initiative/av1/">AV1 decoder</a> and we're seeing strong interest in adoption from major companies.</p>
<p>We're excited by the growing community invested in building a memory safe future. If you or your organization is interested in <a href="https://www.memorysafety.org/become-a-funder/">helping us get there</a>, please reach out at <a href="mailto:sponsor@abetterinternet.org">sponsor@abetterinternet.org</a>.</p>]]></description>
        <guid isPermaLink="true">https://www.abetterinternet.org/post/growing-support/</guid>
      </item><item>
        <title>Our first FOSDEM</title>
        <link>https://www.abetterinternet.org/post/fosdem2024/</link>
        <pubDate>Fri, 09 Feb 2024 00:00:00 +0000</pubDate>
        <description><![CDATA[<p>The Free and Open Source Developers' European Meeting, or FOSDEM, is a massive, free conference that takes place in Brussels, Belgium each year. It began in 2000 and has a reputation for being 1) packed with more than 5,000 people, 2) <em>jam-packed</em> with a huge number of talks in just two days, and 3) somehow, amongst the crowds and drizzle, an experience that leaves you feeling hopeful about the good free and open software can create for people all around the world.</p>
<figure class="image-gallery">
    <img src="/images/blog/FOSDEM24-Booth.jpg" />
    <figcaption>Our FOSDEM stand</figcaption>
</figure>
<p>2024 was our very first FOSDEM. For many of the folks we met, it was their first time seeing <a href="https://letsencrypt.org/">Let's Encrypt</a> somewhere other than their computer screen. The takeaway? A lot of people know about and appreciate Let's Encrypt.</p>
<p>From &quot;you made my life so much easier&quot; to &quot;honestly I can't even believe I used to manually do all of this,&quot; we had the opportunity to hear from nearly 2,000 people in the span of two days. For a conference where conversational nuances about technical quirks and niche ideas abound, we also heard the sentiment, &quot;You made it so easy to solve this problem and it just works, there's nothing to talk about!&quot; Au contraire, mon ami.</p>
<p>We didn't attend FOSDEM <em>just</em> representing Let's Encrypt but also its parent nonprofit, <a href="https://www.abetterinternet.org/">ISRG</a>, and two sibling projects, <a href="https://divviup.org/">Divvi Up</a> and <a href="https://www.memorysafety.org/">Prossimo</a>. It was wonderful to be able to share a bit more about how we're advancing our mission of building a more secure and privacy-respecting Web. If you, like a few folks we talked to, aren't up to speed on ISRG, take a read through our <a href="https://www.abetterinternet.org/documents/2023-ISRG-Annual-Report.pdf">2023 annual report</a>.</p>
<figure class="image-gallery">
    <img src="/images/blog/FOSDEM24-Colleagues.jpg">
    <figcaption>We were able to meet longtime Prossimo collaborators from Tweede golf, Marlon Baeten and Marc Schoolderman (left), and a Let's Encrypt advocate, Antonios Chariton (daknob) (right)</figcaption>
</figure>
<p>In this post-pandemic world where gathering together takes on a whole new calculus, FOSDEM was a uniquely refreshing experience; not because everything was polished and perfect (for a while, our QR code pictured below wasn't working!); not because the February weather in Belgium is idyllic; but because this conference lets an often overlooked part of tech and software shine: the people behind it.</p>
<figure class="image-gallery">
    <img class="half" src="/images/blog/FOSDEM24-5.jpg">
</figure>
<p>We left FOSDEM feeling so proud of our teams' and community's work and grateful for the chance to spend some time face-to-face with so many folks in our global community. Thank you to the dedicated all-volunteer crew who made FOSDEM such a meaningful experience!</p>]]></description>
        <guid isPermaLink="true">https://www.abetterinternet.org/post/fosdem2024/</guid>
      </item><item>
        <title>Public benefit Internet infrastructure is not a “one-and-done” project</title>
        <link>https://www.abetterinternet.org/post/isrg-financial-support/</link>
        <pubDate>Wed, 03 Jan 2024 00:00:00 +0000</pubDate>
        <description><![CDATA[<p>This past year we <a href="https://www.abetterinternet.org/tenth-anniversary/">celebrated 10 years</a> of continuous service to the community, providing free, open and automated digital certificates, creating a more secure and privacy-respecting Web for users all over the world. In that time, we have seen demand for Let's Encrypt certificates continue to grow year on year, so that now Let's Encrypt provides certificates to more than <a href="http://letsencrypt.org/stats">360 million websites worldwide</a>.</p>
<p>When Internet Security Research Group (ISRG) was founded, all of its financial support came from a handful of visionary tech companies and nonprofits.</p>
<p>We are extremely grateful to our pioneering financial sponsors, Akamai, Cisco, Gemalto, HPE, Meta, Mozilla, Google, OVHcloud, Internet Society, Shopify, Hostpoint, SiteGround, Cyon, IdenTrust, Vultr, Automattic, Electronic Frontier Foundation, infomaniak, PlanetHoster, and Discourse. They recognized from the outset the immense value to society in funding an organization that would serve as a dedicated home for critical public benefit Internet infrastructure and services. Without their financial support, ISRG may not have existed, and millions of websites might still be unencrypted.</p>
<p>We also wish to thank all the individuals, corporations, foundations, funds, and nonprofit organizations that have provided financial support for the continuing and evolving operation of <a href="https://letsencrypt.org/">Let's Encrypt</a>, as well as for ISRG's newer projects to develop memory safe versions of crucial Internet infrastructure software (<a href="https://www.memorysafety.org/">Prossimo</a>) and to provide privacy-respecting application metrics (<a href="https://divviup.org/">Divvi Up</a>).</p>
<p>Today, ISRG is proud to be financially sponsored by more than 80 organizations and thousands of individuals from all over the world. In addition, ISRG has received grants from the Ford Foundation, The Open Tech Fund, Comcast Innovation Fund, Bill &amp; Melinda Gates Foundation, OpenSSF, The Sovereign Tech Fund, the Internet Society Foundation, and Robert Wood Johnson Foundation.</p>
<p>Fundraising is never easy and, counterintuitively, it is especially hard for ongoing activities that have gone from success to success. Yet, public benefit Internet infrastructure is not a &quot;one-and-done&quot; project -- billions of people all over the world depend on that infrastructure continuing to be available, secure, resilient, and maintained. And even as Internet encryption has evolved to provide stronger security on the Internet, so have the threats to communication confidentiality and user privacy, requiring continued innovation from organizations like ISRG.</p>
<p>Thanks to the hard work of ISRG's fundraising team and the tireless support of our community, ISRG's financial supporters continue to grow and diversify.</p>
<p>As we enter our 11th year, we would like to see even more organizations contributing to ISRG's future financial sustainability and promoting the value of investing in infrastructure that improves security and privacy on the Internet for all users all over the world.</p>]]></description>
        <guid isPermaLink="true">https://www.abetterinternet.org/post/isrg-financial-support/</guid>
      </item><item>
        <title>A Year-End Letter from our Vice President</title>
        <link>https://www.abetterinternet.org/post/eoy-letter-2023/</link>
        <pubDate>Thu, 28 Dec 2023 00:00:00 +0000</pubDate>
        <description><![CDATA[<div class="card border-0 pic-quote-right">
    <img alt="Sarah Gran" class="mx-auto img-fluid" src="/images/blog/Sarah-Gran-Headshot.jpg" />
</div>
<p><em>This letter was originally published in our <a href="https://www.abetterinternet.org/documents/2023-ISRG-Annual-Report.pdf">2023 Annual Report</a>.</em></p>
<p>We typically open our annual report with a letter from our Executive Director and co-founder, Josh Aas, but he's on parental leave so I'll be filling in. I've run the Brand &amp; Donor Development team at ISRG since 2016, so I've had the pleasure of watching our work mature, our impact grow, and I've had the opportunity to get to know many great people who care deeply about security and privacy on the Internet.</p>
<p>One of the biggest observations I've made during Josh's absence is that all 23 people who work at ISRG fall into that class of folks. Of course I was a bit nervous as Josh embarked on his leave to discover just how many balls he has been keeping in the air for the last decade. Answer: it's a lot. But the roster of staff that we've built up made it pretty seamless for us to keep moving forward.</p>
<p><a href="http://letsencrypt.org">Let's Encrypt</a> is supporting 40 million more websites than a year ago, bringing the total to over <a href="http://letsencrypt.org/stats">360 million</a>. The engineering team has grown to 12 people who are responsible for our continued reliability and ability to scale. But they're not maintaining the status quo. Let's Encrypt engineers are pushing forward our expectations for ourselves and for the WebPKI community. We've added shorter-lived certificates to our 2024 roadmap. We're committing to this work because sub-10 day certificates significantly reduce the impact of key compromise and it broadens the universe of people who can use our certs. In addition, the team started an ambitious project to develop a new Certificate Transparency implementation because the only existing option cannot scale for the future and is prone to operational fragility. These projects are led by two excellent technical leads, Aaron Gable and James Renken, who balance our ambition with our desire for a good quality of life for our teams.</p>
<p><a href="http://memorysafety.org">Prossimo</a> continues to deliver highly performant and memory safe software and components in a world that is increasingly eager to address the memory safety problem. This was evidenced by participation at <a href="https://tectonics.memorysafety.org/">Tectonics</a>, a gathering we hosted which drew industry leaders for <a href="https://www.memorysafety.org/blog/tectonics-recap/">invigorated conversation</a>. Meanwhile, initiatives like our <a href="https://www.memorysafety.org/initiative/av1/">memory safe AV1 decoder</a> are in line to replace a C version in Google Chrome. This change would improve security for billions of people. We're grateful to the community that helps to guide and implement our efforts in this area, including Dirkjan Ochtman, the firms Tweede golf and Ferrous Systems, and the maintainers of the many projects we are involved with.</p>
<p>Our newest project, <a href="http://divviup.org">Divvi Up</a>, brought on our first two subscribers in 2023. <a href="https://wearehorizontal.org/index">Horizontal</a>, a small international nonprofit serving Human Rights Defenders, will be <a href="https://divviup.org/blog/horizontal/">collecting privacy-preserving telemetry metrics</a> about the users of their Tella app, which people use to document human rights violations. Mozilla is using Divvi Up to <a href="https://divviup.org/blog/divvi-up-in-firefox/">gain insight into aspects of user behavior</a> in the <a href="https://www.mozilla.org/en-US/firefox/new/">Firefox</a> browser. It took a combination of focus and determination to get us to a production-ready state and our technical lead, Brandon Pitman, played a big role in getting us there.</p>
<p>We hired Kristin Berdan to fill a new role as General Counsel and her impact is already apparent within our organization. She joins Sarah Heil, our CFO, Josh, and me in ISRG leadership.</p>
<p>Collectively, we operate three impactful and growing projects for $7 million a year. This is possible because of the amazing leadership assembled across our teams and the ongoing commitment from our community to validate the usefulness of our work. As we look toward 2024 and the challenges and opportunities that face us, I ask that you join us in building a more secure and privacy respecting Internet by sponsoring us, making a donation or gift through your DAF, or sharing with the folks you know why security and privacy matter to them.</p>]]></description>
        <guid isPermaLink="true">https://www.abetterinternet.org/post/eoy-letter-2023/</guid>
      </item><item>
        <title>Tectonics 2023: a Productive Convening to Accelerate Memory Safety</title>
        <link>https://www.abetterinternet.org/post/tectonics-recap/</link>
        <pubDate>Fri, 03 Nov 2023 00:00:00 +0000</pubDate>
        <description><![CDATA[<div class="card border-0 mb-3 pic-quote-right">
    <img alt="Tectonics Event - November 2, San Francisco" class="mx-auto img-fluid" src="/images/blog/Tectonics-Photo-2023.jpg" />
</div>
<p>We are so pleased to share that <a href="https://tectonics.memorysafety.org/">Tectonics</a> was an invigorating and productive convening on how to advance memory safety. Leaders like Window Snyder, Doug Gregor, David Weston, and Fiona Krakenbürger joined many others for a day-long conversation. We are grateful to everyone who joined us.</p>
<p>A few initial observations struck me from the day's conversations:</p>
<ol>
<li>
<p>We set out to make yesterday's conversation a &quot;2.0&quot;, which moved past the discussion of the problem to focus on solutions. I was pleased with how many stories of experience were shared; it was a reminder of how much great progress has already been made.</p>
</li>
<li>
<p>There were perspectives coming from practitioners, policy makers, advocacy folks, and people in a position to make engineering priority decisions, and participants really valued hearing how others are using their skills and energy to tackle this enormous challenge.</p>
</li>
<li>
<p>Improving memory safety is not just a technological challenge. The day's conversations were a good reminder that people are at the heart of changing how security-sensitive software is written, used, and thought about.</p>
</li>
</ol>
<p>We made a decision early on in the planning of Tectonics to create a format that allowed for in-depth conversation by breaking attendees into three-hour tracks focused on a specific topic. We'd like to especially thank our track leaders, Alex Gaynor, Paul Kehrer, Bob Lord, Eric Mill, Siddarth Pandit, Arlie Davis, Dirkjan Ochtman, and Florian Gilcher, whose guidance made the track format so productive.</p>
<p>We'd also like to thank our event sponsors, Ford Foundation, Google, Tweede golf, and Heroku for making this day possible.</p>
<p>Our next step for Tectonics will be to compile pages of notes from the day into a series of readouts that we'll publish in the weeks ahead. To be sure you receive these and other updates from ISRG, <a href="https://www.memorysafety.org/#:~:text=SIGN%20UP%20FOR%20THE%20PROSSIMO%20NEWSLETTER">subscribe to our newsletter</a>.</p>
<p>All of our work, including Tectonics, is made possible thanks to financial support from the people and companies who value better security and privacy for the Internet. <a href="https://abetterinternet.org">Internet Security Research Group (ISRG)</a> is the parent organization of <a href="http://memorysafety.org">Prossimo</a>, <a href="http://letsencrypt.org">Let's Encrypt</a>, and <a href="http://divviup.org">Divvi Up</a>. ISRG is a 501(c)(3) nonprofit. If you'd like to support our work, please consider <a href="https://www.abetterinternet.org/getinvolved/">getting involved</a>, <a href="https://www.abetterinternet.org/donate/">donating</a>, or encouraging your company to <a href="https://www.abetterinternet.org/sponsor/">become a sponsor</a>.</p>]]></description>
        <guid isPermaLink="true">https://www.abetterinternet.org/post/tectonics-recap/</guid>
      </item><item>
        <title>10 Years of Building a Better Internet</title>
        <link>https://www.abetterinternet.org/post/board-chair-10th-anniversary/</link>
        <pubDate>Mon, 30 Oct 2023 00:00:00 +0000</pubDate>
        <description><![CDATA[<p>I joined the Board of Internet Security Research Group (ISRG) in 2018 and became Board Chair last year, 2022. In those five years I've been honored to witness and be a part of ISRG providing a trusted, reliable and sustainable home for public-benefit digital infrastructure projects. As ISRG celebrates the 10th anniversary of its founding, I wanted to reflect on our impact.</p>
<p>ISRG has significantly enhanced the security and privacy of the Internet for users all over the world, through its <a href="https://letsencrypt.org/">Let's Encrypt certificate authority</a>. Today, we almost take for granted that websites will use HTTPS to protect our interactions, and browsers have adapted to that reality by switching from notifying users when a website uses HTTPS to when it doesn't. Ten years ago, less than one third of websites were using HTTPS, even websites that handled personal data.</p>
<p>Let's Encrypt was a game-changer for Internet security for three simple reasons: websites could obtain SSL/TLS certificates without charge, using an automated process, and from a trusted source supported by the community as a provider of public-benefit Internet infrastructure for anyone in the world. Its great success can also be attributed to ISRG's ability to rapidly scale up its services, so that today Let's Encrypt provides certificates to more than 300 million websites.</p>
<p>Further, ISRG is all about community and ensuring that open-source Internet security software is used, maintained and secure. ISRG has shown that public-interest (or public-benefit) organizations provide societal value well above and beyond their individual achievements. Let's Encrypt has inspired other Internet security open-source efforts like Sigstore, an open-source initiative to provide trusted authenticity of open-source software. It has inspired commercial operators to offer the same services to the public, free and automated certificates, and has helped ensure overall trust in the digital certificate ecosystem.</p>
<p>ISRG's impact on the Internet does not stop there.</p>
<p>Through <a href="https://www.memorysafety.org/">Prossimo</a>, ISRG is on the leading edge of efforts to reduce security vulnerabilities in critical Internet infrastructure caused by memory-unsafe code, by working with the open-source community to develop new software using memory-safe programming languages. One notable example is the work on <a href="https://www.memorysafety.org/blog/rustls-new-features/">Rustls</a>, a memory-safe implementation of the TLS protocol. TLS is widely used all over the Internet to encrypt communications, including websites, email, messaging and video conferencing, so an exploited vulnerability due to lack of memory safety could cause wide-scale harm.</p>
<p><a href="https://divviup.org/">Divvi Up</a> emerged from the work that ISRG and partners undertook to collect and analyze aggregate COVID-19 exposure notification app metrics. Through Divvi Up, ISRG will provide a more secure and privacy-respecting way for online services to collect user metrics that will hopefully help put an end to pervasive online tracking.</p>
<p>I'm grateful to be the Board Chair of this critical nonprofit as we celebrate the milestone of our 10th anniversary. Given all ISRG has accomplished in just this first decade, I look forward to seeing the many years ahead of their continued work to make the Internet more secure for everyone across the globe.</p>
<p>ISRG is a 501(c)(3) nonprofit organization that is 100% supported through the generosity of those who share our vision for ubiquitous, open Internet security. If you'd like to support our work, please consider <a href="https://www.abetterinternet.org/getinvolved/">getting involved</a>, <a href="https://www.abetterinternet.org/donate/">donating</a>, or encouraging your company to <a href="https://www.abetterinternet.org/sponsor/">become a sponsor</a>.</p>]]></description>
        <guid isPermaLink="true">https://www.abetterinternet.org/post/board-chair-10th-anniversary/</guid>
      </item><item>
        <title>Prossimo announces Tectonics: an event to shift the work of memory safety forward</title>
        <link>https://www.abetterinternet.org/post/memory-safety-event-2023/</link>
        <pubDate>Wed, 26 Jul 2023 00:00:00 +0000</pubDate>
        <description><![CDATA[<div class="card border-0 mb-3 pic-quote-right">
    <img alt="Tectonics Event - November 2, San Francisco" class="mx-auto img-fluid" src="/images/blog/Tectonics-Social-Share-Square.jpg" />
</div>
<p>Not all that long ago, the idea of rewriting much of the Internet's critical software to make it memory safe was, if thought about at all, quickly dismissed as an unrealistic endeavor. And while this idea may still be ambitious today, there's momentum towards shifting the focus from dialogue to planning and execution.</p>
<p>That momentum inspired us to come up with <a href="https://tectonics.memorysafety.org">Tectonics</a>. The vision for Tectonics, happening November 2 in San Francisco, is to move the conversation around memory safety from &quot;why&quot; and &quot;what if&quot; to &quot;how to.&quot; As one of our funders, Craig Newmark, noted, &quot;I learned about memory safety bugs the hard way, back in 1985 when I was a programmer. We now have the tools to address this problem, so it's time to take action and eliminate these bugs and vulnerabilities by using memory safe code.&quot;</p>
<p>We recognize and are encouraged by the breadth and frequency of conversations around memory safety. While that is a strong wind in the sails of moving this work forward, Tectonics will be a day of proctored conversations led by individuals leading this work. Our goal is to collaboratively create a series of recommendations and guidance on how we can proliferate memory safety across the Internet.</p>
<p>In a day-long convening, Tectonics will use part of the day to hear from leaders like Window Snyder, CEO at Thistle Technologies, and Bob Lord, Senior Technical Advisor at CISA. The afternoon working group conversations will focus on addressing three topics:</p>
<ol>
<li>
<p>Adoption of memory safe languages in operating systems</p>
</li>
<li>
<p>Dependency management</p>
</li>
<li>
<p>Organizational roadmaps for deploying memory safe software</p>
</li>
</ol>
<p>Through proctored conversations, the end result of Tectonics will be clear and actionable recommendations that Prossimo will publish and distribute. We're excited about the idea of a 2.0 conversation that will bring clarity to our collective work to build a more secure Internet for everyone, everywhere.</p>
<p>Tectonics <a href="https://tectonics.memorysafety.org/pdf/Memory%20Safety%20Event%20Prospectus.pdf">sponsorships begin at $5,000</a> and are available now. Registration will open later this year; however, you can <a href="https://tectonics.memorysafety.org/#save-the-date">save the date</a> now to be notified once registration opens.</p>
<p><a href="https://memorysafety.org">Prossimo</a> is a project of <a href="https://abetterinternet.org">Internet Security Research Group (ISRG)</a>, a 501(c)(3) nonprofit organization. ISRG launched Prossimo in 2020 to bring greater attention and resources to tackling the problem of a lack of memory safety in the Internet's critical infrastructure. Since its founding, Prossimo has funded nine initiatives with more than $5M in funding to rewrite critical components of the Internet.</p>]]></description>
        <guid isPermaLink="true">https://www.abetterinternet.org/post/memory-safety-event-2023/</guid>
      </item><item>
        <title>$1.5M from Sovereign Tech Fund to Fuel Memory Safety</title>
        <link>https://www.abetterinternet.org/post/1.5m-for-memory-safety/</link>
        <pubDate>Tue, 11 Jul 2023 00:00:00 +0000</pubDate>
        <description><![CDATA[<p><a href="https://sovereigntechfund.de/en/">Sovereign Tech Fund</a> will be supporting three Prossimo initiatives over the next 18 months with work contracts totaling $1.5M. This is the largest single contract Prossimo has received to date. This funding enables our continued work with the wonderful maintainers, developers, and funders who have helped us make such great progress so far.</p>
<div class="card border-0 pic-quote-right">
    <img alt="Sovereign Tech Fund logo" class="mx-auto img-fluid" src="/images/blog/sovereign-tech-fund-logo-2024.png" />
</div>
<h2 id="rustls">Rustls</h2>
<p>This funding supports the development of both foundational features and general improvements. <a href="https://www.memorysafety.org/initiative/rustls/">Rustls</a> is well-positioned to replace OpenSSL in many scenarios and our work will make it more appealing for a wider user base. For example, in 2023 we plan to:</p>
<ul>
<li>
<p>Enable pluggable cryptographic back-ends</p>
</li>
<li>
<p>Add the option to rely on OS trust verifier platforms</p>
</li>
<li>
<p>Develop a comprehensive performance benchmarking system</p>
</li>
<li>
<p>Change the default cryptographic library to one that is FIPS certified</p>
</li>
</ul>
<h2 id="rav1d">rav1d</h2>
<p>We will continue work to port the C code in the dav1d AV1 video and image decoder to Rust. We expect that <a href="https://www.memorysafety.org/initiative/av1/">rav1d</a> will be ready for initial users in early 2024. Codecs have a long history of memory safety problems so we are excited to build one in a memory safe language just as more companies are making the switch from other media types to AV1.</p>
<h2 id="dns">DNS</h2>
<p>We will accelerate the development and maturation of a high-potential <a href="https://www.memorysafety.org/initiative/dns/">DNS resolver</a>. It will be highly performant, open source, memory safe, and fully recursive. <a href="https://letsencrypt.org">Let's Encrypt</a>, a sibling project of Prossimo also run by <a href="https://abetterinternet.org">ISRG</a>, will be one of the first large-scale deployments.</p>
<p>There is strong alignment between the work of Prossimo and the goal of the Sovereign Tech Fund, which is to strengthen digital infrastructure and open source ecosystems in the public interest. Fiona Krakenbürger, co-founder of the Sovereign Tech Fund, commented &quot;The memory safety work that the Internet Security Research Group does with Prossimo is absolutely essential. It exemplifies the digital infrastructure and open source ecosystem the Sovereign Tech Fund wants to support. By investing in making TLS, the AV1 media decoder, and a DNS resolver more secure, we're acting in the public interest by improving the security of everyone using the internet, from individuals to companies and governments. Together, we're safeguarding our shared digital infrastructure for the common good.&quot;</p>
<p>Since Prossimo only focuses on critical infrastructure that is widely used, our work can have a broad impact across a large number of people using the internet (even if those people never know it!). This approach helps us do the most good with our resources.</p>
<p>We applaud the Sovereign Tech Fund and the German government for recognizing the connection between strong, well-supported digital infrastructure and innovation and economic growth (the fund is financed by the German Federal Ministry for Economic Affairs and Climate Action).</p>
<p>With better and more secure tools, people, companies, and institutions can focus more on the task at hand. We hope to see more public and private organizations who rely on open source critical digital infrastructure to step up and support it. If you or your organization would like to come on board as a funder of Prossimo, we would be excited to begin a conversation with you at <a href="mailto:donate@abetterinternet.org">donate@abetterinternet.org</a>.</p>
<p>ISRG is a 501(c)(3) nonprofit organization that is 100% supported through the generosity of those who share our vision for ubiquitous, open Internet security. If you'd like to support our work, please consider <a href="https://www.abetterinternet.org/getinvolved/">getting involved</a>, <a href="https://www.abetterinternet.org/donate/">donating</a>, or encouraging your company to <a href="https://www.abetterinternet.org/sponsor/">become a sponsor</a>.</p>]]></description>
        <guid isPermaLink="true">https://www.abetterinternet.org/post/1.5m-for-memory-safety/</guid>
      </item><item>
        <title>ISRG’s 10th Anniversary</title>
        <link>https://www.abetterinternet.org/post/10th-anniversary/</link>
        <pubDate>Wed, 24 May 2023 00:00:00 +0000</pubDate>
        <description><![CDATA[<div class="card border-0 pic-quote-right">
    <img alt="Celebrating 10 Years of ISRG" class="mx-auto img-fluid" src="/images/tenth-anniversary/ISRG_10th_anniversary_-_short.gif" />
</div>
<p>It's hard to believe 10 years have passed since Eric Rescorla, Alex Halderman, Peter Eckersley and I founded ISRG as a nonprofit home for public benefit digital infrastructure. We had an ambitious vision, but we couldn't have known then the extent to which that vision would become shared and leveraged by so much of the Internet.</p>
<p>Since its founding in 2013, ISRG's <a href="https://letsencrypt.org/">Let's Encrypt</a> certificate authority has come to serve hundreds of millions of websites and protect just about everyone who uses the Web. Our <a href="https://www.memorysafety.org/">Prossimo</a> project has brought the urgent issue of memory safety to the fore, and <a href="https://divviup.org/">Divvi Up</a> is set to revolutionize the way apps collect metrics while preserving user privacy. I've tried to comprehend how much data about people's lives our work has and will protect, and tried even harder to comprehend what that means if one could quantify privacy. It's simply beyond my ability.</p>
<p><a href="/tenth-anniversary/">Some of the highlights</a> from the past ten years include:</p>
<ul>
<li>
<p>May 24, 2013: ISRG is incorporated, intending to build Let's Encrypt</p>
</li>
<li>
<p>November 18, 2014: The Let's Encrypt project is <a href="https://letsencrypt.org/2014/11/18/announcing-lets-encrypt.html">announced publicly</a></p>
</li>
<li>
<p>September 14, 2015: Let's Encrypt <a href="https://letsencrypt.org/2015/09/14/our-first-cert.html">issues its first certificate</a></p>
</li>
<li>
<p>October 19, 2015: Let's Encrypt <a href="https://letsencrypt.org/2015/10/19/lets-encrypt-is-trusted.html">becomes publicly trusted</a></p>
</li>
<li>
<p>December 3, 2015: Let's Encrypt <a href="https://letsencrypt.org/2015/12/03/entering-public-beta.html">becomes generally available</a></p>
</li>
<li>
<p>March 8, 2016: Let's Encrypt <a href="https://letsencrypt.org/2016/03/08/our-millionth-cert.html">issues its millionth certificate</a></p>
</li>
<li>
<p>June 28, 2017: Let's Encrypt <a href="https://letsencrypt.org/2017/06/28/hundred-million-certs.html">issues its 100 millionth certificate</a></p>
</li>
<li>
<p>March 11, 2019: The ACME protocol <a href="https://letsencrypt.org/2019/03/11/acme-protocol-ietf-standard.html">becomes an IETF standard</a></p>
</li>
<li>
<p>February 27, 2020: Let's Encrypt <a href="https://letsencrypt.org/2020/02/27/one-billion-certs.html">issues its billionth certificate</a></p>
</li>
<li>
<p>October 26, 2020: ISRG board approves a privacy preserving metrics project, now Divvi Up</p>
</li>
<li>
<p>December 9, 2020: ISRG board approves a memory safety project, now Prossimo</p>
</li>
<li>
<p>December 18, 2020: Divvi Up starts <a href="https://divviup.org/blog/prio-services-for-covid-en/">servicing COVID exposure notification</a></p>
</li>
<li>
<p>October 3, 2022: Support for Rust is <a href="https://www.memorysafety.org/blog/rust-in-linux-just-the-beginning/">merged into the Linux kernel</a></p>
</li>
</ul>
<p>All this wouldn't be possible without our staff, community, donors, <a href="https://www.abetterinternet.org/sponsors/">funders</a>, and other partners, all of whom I'd like to thank wholeheartedly.</p>
<p>I feel so fortunate that we've been able to thrive. We're fortunate primarily because great people got involved and funders stepped up, but there's also just a bit of good fortune involved in any success story. The world is a complicated place; there is complex context that one can't control around every effort. Despite our best efforts, fortune has a role to play in terms of the degree to which the context swirling around us helps or hinders. We have been fortunate in every sense of the word and for that I am grateful.</p>
<p>Our work is far from over. Each of our three projects has challenges and opportunities ahead.</p>
<p>For Let's Encrypt, which is more critical than ever and relatively mature, our focus over the next few years will be on long-term sustainability. More and more people working with certificates can't recall a time when Let's Encrypt didn't exist, and most people who benefit from our service don't need to know it exists at all (by design!). Let's Encrypt is just part of how the Internet works now, which is great for many reasons, but it also means it's at risk of being taken for granted. We are making sure that doesn't happen so we can keep Let's Encrypt running reliably and make investments in its future.</p>
<p>Prossimo is making a huge amount of progress moving critical software infrastructure to memory safe code, from the <a href="https://www.memorysafety.org/initiative/linux-kernel/">Linux kernel</a> to <a href="https://www.memorysafety.org/initiative/ntp/">NTP</a>, <a href="https://www.memorysafety.org/initiative/rustls">TLS</a>, <a href="https://www.memorysafety.org/initiative/av1/">media codecs</a>, and even <a href="https://www.memorysafety.org/initiative/sudo-su/">sudo/su</a>. We have two major challenges ahead of us here. The first is to raise the money we need to complete development work. The second is to get the safer software we've been building adopted widely. We feel pretty good about our plans but it's not going to be easy. Things worth doing rarely are.</p>
<p>Divvi Up is exciting technology with a bright future. Our biggest challenge here, like most things involving cryptography, is to make it easy to use. We also need to make sure we can provide the service at a cost that will allow for widespread adoption, so we'll be doing a lot of optimization. Our hope is that over the next decade we can make privacy respecting metrics the norm, just like we did for HTTPS.</p>
<p>The Internet wasn't built with security or privacy in mind, so there is a bountiful opportunity for us to improve its infrastructure. The Internet is also constantly growing and changing, so it is also our job to look into the future and prepare for the next set of threats and challenges as best we can.</p>
<p>Thanks to our supporters, we'll continue adapting and responding to help ensure the Web is more secure long into the future. Please consider <a href="https://www.abetterinternet.org/sponsor/">becoming a sponsor</a> or <a href="https://www.abetterinternet.org/donate/">making a donation</a> in support of our work.</p>]]></description>
        <guid isPermaLink="true">https://www.abetterinternet.org/post/10th-anniversary/</guid>
      </item><item>
        <title>AWS commits $1M to Prossimo, bringing memory safety to critical parts of the Web</title>
        <link>https://www.abetterinternet.org/post/aws-support-for-memory-safety/</link>
        <pubDate>Thu, 11 May 2023 12:00:00 +0000</pubDate>
        <description><![CDATA[<p>Amazon Web Services (AWS) has long supported ISRG's mission through sponsorships of projects such as Let's Encrypt. Today, we're pleased to announce that AWS has continued its commitment to Prossimo through a contribution of $1 million, funding four initiatives focused on improving <a href="https://www.memorysafety.org/docs/memory-safety/">memory safety</a>: building a memory safe AV1 decoder, <a href="https://github.com/memorysafety/rav1d">rav1d</a>, rewriting <a href="https://www.memorysafety.org/initiative/sudo-su/">sudo/su</a>, furthering our efforts with <a href="https://www.memorysafety.org/initiative/rustls/">Rustls</a>, as well as building out <a href="https://www.memorysafety.org/initiative/ntp/">NTPd-rs</a>.</p>
<p>&quot;At AWS, security is job zero and we are constantly looking for ways to help us and our customers operate more securely. With this funding, we're furthering ISRG's mission to build a more memory safe internet through the creation of new solutions for securing critical software tools. Investing in open source communities is essential to their long-term sustainability so they can continue to help tackle complex problems like memory safety,&quot; remarked David Nalley, Head of Open Source Strategy and Marketing at AWS.</p>
<p>Our work with the AV1 Decoder initiative is a unique opportunity because it's a relatively new media format and we have a chance to develop a safe decoder option before many organizations make their initial choices about AV1 implementations. This piece of infrastructure can be memory safe from the start. The plan for <a href="https://github.com/memorysafety/rav1d">rav1d</a> is that it performs as well as or better than the C-based <a href="https://code.videolan.org/videolan/dav1d">dav1d</a> decoder.</p>
<p>Work on rav1d started towards the end of February 2023. The primary contractor is <a href="https://immunant.com/">Immunant</a>, with veteran codec expert Frank Bossen advising and contributing part-time. The plan is to transpile the C code in dav1d to Rust; most of the time will then be spent cleaning it up from unsafe transpiled Rust to safe, idiomatic Rust. The initial transpile has been completed already and work is well under way to get tests passing.</p>
<p>The sudo and su utilities mediate a critical privilege boundary on just about every open source operating system that powers the Internet. Unfortunately, these utilities have a long history of memory safety issues.</p>
<p>Work started on sudo and su in December of 2022. The contractors are a combined team from <a href="https://tweedegolf.nl/en">Tweede Golf</a> and <a href="https://ferrous-systems.com/">Ferrous Systems</a>. The maintainer of the traditional sudo program, Todd Miller, is volunteering as an advisor to the team.</p>
<p>Our goal with <a href="https://www.memorysafety.org/initiative/rustls/">Rustls</a> is to build a safer TLS library that can largely replace OpenSSL over time. Rustls will be performant and memory safe. This work began in 2022 and is picking up great speed both in terms of new contributions and new consumers of Rustls.</p>
<p><a href="https://www.memorysafety.org/initiative/ntp/">NTP</a> is how the Internet keeps track of time, but most of today's popular implementations are written in C. Our work has <a href="https://github.com/pendulum-project/ntpd-rs">produced</a> a new client and server that are both ready for use. We've also added Network Time Security (NTS) to both the NTP server and client.</p>
<p>We're grateful for the longtime commitment from AWS to helping ISRG and its projects build a more secure and privacy-respecting Web for everyone, everywhere. If you or your organization would like to come on board as a funder of Prossimo, we would be excited to begin a conversation with you at <a href="mailto:donate@abetterinternet.org">donate@abetterinternet.org</a>.</p>
<p>ISRG is a 501(c)(3) nonprofit organization that is 100% supported through the generosity of those who share our vision for ubiquitous, open Internet security. If you'd like to support our work, please consider <a href="/getinvolved/">getting involved</a>, <a href="/donate/">donating</a>, or encouraging your company to <a href="/sponsor/">become a sponsor</a>.</p>]]></description>
        <guid isPermaLink="true">https://www.abetterinternet.org/post/aws-support-for-memory-safety/</guid>
      </item><item>
        <title>Divvi Up Receives Funding from Internet Society Foundation and Meta</title>
        <link>https://www.abetterinternet.org/post/divvi-up-funding-update/</link>
        <pubDate>Wed, 05 Apr 2023 12:00:00 +0000</pubDate>
        <description><![CDATA[<p>For the last two years, ISRG has been developing Divvi Up and the Internet Engineering Task Force (IETF)'s Distributed Aggregation Protocol <a href="https://www.ietf.org/archive/id/draft-ietf-ppm-dap-02.html">(DAP)</a> standard. Funding from Internet Society Foundation and Meta will support our continued progress toward the productionization of this service.</p>
<p>Divvi Up balances wanting to understand metrics about a population of users without infringing upon the privacy of any individual user through the use of cryptography and multi-party computation. Our goal is to be the impetus for a healthy, secure, robust ecosystem for privacy-respecting metrics collection, of which Divvi Up is one player.</p>
<div class="card border-0 pic-quote-right">
  <blockquote class="blockquote">
    <span class="quote"></span>
    <div class="quote-text">
      <p class="font-italic lh-170">&ldquo;The Internet Society Foundation is excited to support the Internet Security Research Group’s effort to build an Internet that is more secure and privacy-respecting, one that is more trustworthy than it is today.&rdquo;</p>
      <footer class="blockquote-footer"><cite title="Source Title">Maiko Nakagaki, Program Officer</cite>, Internet Society Foundation</footer>
    </div>
  </blockquote>
</div>
<p>Over the last few months, we successfully executed a test of Divvi Up with live data through a deployment with our partners Mozilla and Cloudflare. The test demonstrated that the system operates as expected. We gained insight into how to further optimize for a production-ready service and continue to test and refine the system to ensure it will function at Internet scale.</p>
<p>The next big area of development will be ensuring that Divvi Up is easy to use and leverages automation to pave the path for wide-scale adoption. This will include refining the way subscribers interact with the Divvi Up system to improve ease of use, developing the subscriber sign-up flow on our website, and expanding the available aggregation schemes to provide more options for metrics computations. We will soon begin testing with the <a href="https://eprint.iacr.org/2021/017.pdf">Poplar aggregation scheme</a>, which will allow commonly reported values like URLs to be discovered without impinging on the privacy of individual reports.</p>
<p>We're grateful to our funders for supporting the development of this work. If you or your organization want to support privacy-preserving metrics, please get in touch via <a href="mailto:sponsor@abetterinternet.org">sponsor@abetterinternet.org</a>.</p>
<p>Divvi Up is a project of the 501(c)(3) nonprofit <a href="https://abetterinternet.org/">Internet Security Research Group</a> (ISRG), the organization behind <a href="https://letsencrypt.org/">Let's Encrypt</a> and <a href="https://www.memorysafety.org/">Prossimo</a>.</p>]]></description>
        <guid isPermaLink="true">https://www.abetterinternet.org/post/divvi-up-funding-update/</guid>
      </item><item>
        <title>ISRG Receives $100k Grant from Craig Newmark Philanthropies</title>
        <link>https://www.abetterinternet.org/post/craig-newmark-philanthropies/</link>
        <pubDate>Wed, 08 Feb 2023 12:00:00 +0000</pubDate>
        <description><![CDATA[<div class="card border-0 pic-quote-right headshot-card">
  <img alt="Craig Newmark Philanthropies logo" class="rounded z-depth-3 img-fluid mb-2" src="/images/blog/2023-02-08-craig-newmark-philanthropies-logo.png" />
</div>
<p>We're pleased to announce that ISRG has received a grant of $100,000 from Craig Newmark Philanthropies. This funding will help support various activities related to our projects and mission.</p>
<p>When we initially connected with Craig Newmark, the founder of craigslist and <a href="https://craignewmarkphilanthropies.org/">Craig Newmark Philanthropies</a>, we found common ground in the desire to improve Internet security. At ISRG, our three projects tackle security and privacy in order to make the Internet better for everyone, everywhere. One of our guiding beliefs is that the Internet is so complex that average users can't deeply understand the security implications of their choices. And yet, the Internet is so essential to thriving in today's world that it is imperative we make it better.</p>
<p>In 2022, Craig Newmark Philanthropies <a href="https://www.businesswire.com/news/home/20220412005748/en/Craig-Newmark-Philanthropies-Pledges-50-Million-to-Cyber-Civil-Defense">pledged $50 million</a> to help support a response to the Internet's growing complexity and the subsequent growth of opportunistic cybersecurity threats. We look forward to contributing to this effort. Our <a href="https://www.memorysafety.org/">Prossimo</a> project, which focuses on improving memory safety in critical infrastructure, particularly struck a chord with Newmark. &quot;I learned about memory safety bugs the hard way, back in 1985 when I was a programmer. We now have the tools to address this problem, so it's time to take action and eliminate these bugs and vulnerabilities by using memory safe code.&quot; We couldn't agree more and are glad to have the support of organizations like Craig Newmark Philanthropies to help us get there!</p>
<div class="card border-0 mw-555 mx-auto">
  <img alt="Craig Newmark, founder of craigslist and Craig Newmark Philanthropies, and Josh Aas, co-founder of Internet Security Research Group" class="rounded z-depth-3 img-fluid mb-2" src="/images/blog/2023-02-08-craig-newmark-philanthropies-photo.jpeg" />
  <blockquote class="blockquote">
    <div class="quote-text">
      <p class="font-italic lh-170">Craig Newmark, founder of craigslist and Craig Newmark Philanthropies, and Josh Aas, co-founder of Internet Security Research Group</p>
    </div>
  </blockquote>
</div>
<p>ISRG is a 501(c)(3) nonprofit organization that is 100% supported through the generosity of those who share our vision for ubiquitous, open Internet security. If you'd like to support our work, please consider <a href="https://www.abetterinternet.org/getinvolved/">getting involved</a>, <a href="https://www.abetterinternet.org/donate/">donating</a>, or encouraging your company to <a href="https://www.memorysafety.org/sponsor/">become a sponsor</a>.</p>]]></description>
        <guid isPermaLink="true">https://www.abetterinternet.org/post/craig-newmark-philanthropies/</guid>
      </item><item>
        <title>ISRG Joins the Linux Foundation as an Associate Member</title>
        <link>https://www.abetterinternet.org/post/joining-linux-foundation/</link>
        <pubDate>Wed, 01 Feb 2023 12:00:00 +0000</pubDate>
        <description><![CDATA[<p>We're pleased to announce that ISRG has joined The Linux Foundation as an Associate Member. For many years, The LF was an administrative home for ISRG, enabling us to focus our resources on the engineering work related to building Let's Encrypt. In 2023, we took our administrative needs in-house, and we are thrilled to evolve our relationship with the Linux Foundation by becoming a <a href="https://www.linuxfoundation.org/about/members">Member</a>.</p>
<p>Over the years, it has been apparent to us via our insider's view that The LF is truly a powerhouse for supporting Open Source. As our work at ISRG evolves, we look forward to continuing collaboration with The Linux Foundation and its projects - like supporting the growth of Rust in its namesake project via our <a href="http://memorysafety.org">Prossimo</a> effort, and working with the OpenSSF team on the <a href="https://openssf.org/oss-security-mobilization-plan/">Open Source Security Mobilization Plan's</a> memory safety workstream.</p>
<p>ISRG is a 501(c)(3) nonprofit organization that is 100% supported through the generosity of those who share our vision for ubiquitous, open Internet security. If you'd like to support our work, please consider <a href="/getinvolved/">getting involved</a>, <a href="/donate/">donating</a>, or encouraging your company to <a href="/sponsor/">become a sponsor</a>.</p>]]></description>
        <guid isPermaLink="true">https://www.abetterinternet.org/post/joining-linux-foundation/</guid>
      </item><item>
        <title>A Look into the Engineering Culture at ISRG</title>
        <link>https://www.abetterinternet.org/post/eng-culture-at-isrg/</link>
        <pubDate>Thu, 12 Jan 2023 12:00:00 +0000</pubDate>
        <description><![CDATA[<p>Engineers design systems and processes to ensure high quality outcomes and solutions - what if the same lens could be used to build a workplace where these very same engineers can thrive? Many organizations toil on how to build an environment where employees are engaged, challenged, and happy with their workplace, and while ISRG is not immune to those challenges, we do implement a few distinctive practices that help mitigate some workplace difficulties. Because 68% of our staff are engineers, we will be focusing in this post on how we are building a workplace culture where engineers can thrive.</p>
<p><strong>1. Aligning Growth Aspirations</strong></p>
<p>It happens again and again: a solid engineer grows and moves up the ranks and is then promoted to team manager, where they are supposed to juggle individual contributions, technical oversight, and people management. Many times, the engineer may not even have growth aspirations in people management, and yet they are put in a position where they are expected to know how to manage people and do it well. This could lead to the employee feeling like they cannot do their job sufficiently, feelings of imposter syndrome, burnout, or unreasonable expectations for everyone else put in a similar position.</p>
<p>To address this issue, our engineering career ladder intentionally does not include management requirements. This enables engineers to continually grow as individual contributors without having to be forced into responsibilities they may not be interested in or skilled at.</p>
<p>Many of our Site Reliability Engineers (SREs) have a background in operations work. To support their growth, we run a job rotation cycle where SREs spend 12-18 months on our Developer team to foster coding, architecture, and design skills. Some extra benefits to this are the strengthening of mentorship amongst team members as well as the connection between the two teams for better alignment in priorities and understanding.</p>
<p>It is essential to support employees in their growth and goal setting consistently so that workforce planning can be done with the employees' best interests in mind. This is done through cultivating a psychologically safe environment where employees feel comfortable asking questions and making mistakes, and are encouraged to reflect and be open about their aspirations. Processes that help this along are regularly structured check-ins, performance reviews, blameless post-incident debriefs, and open feedback and communication with their peers and leaders.</p>
<p><strong>2. Mitigate the Management SPOF (Single Point of Failure)</strong></p>
<p>Every engineering team at ISRG is led by a Technical Lead and a People Manager. This separation of technical and people oversight allows for the work of leading an engineering team to be broken up so that it is not all resting on one person. The Technical Lead can focus on being in charge of the technical viability, structures, and processes while the People Manager can focus on things such as individual and team goal setting, growth opportunities, and conflict resolution.</p>
<p>The Technical Lead and People Manager come together when it comes to process development, visibility, and recognition. They also work together to address things for each other while not playing the other's role, thus mitigating the &quot;who manages the manager&quot; quandary. There are more instances where collaboration is needed between the two positions and that crossover lends more perspective and opinion to what could be a complex issue.</p>
<p><strong>3. Intentional Scalability</strong></p>
<p>It is easy to dive straight into action items and deadlines, and then before you know it, things are rapidly scaling in efforts to keep up. The analogy of &quot;building the plane while it's flying&quot; comes to mind. Later down the line those scaled systems show flaws that are far more difficult to repair.</p>
<p>Much like designing a reliable and scalable engineering system, our goal is to create a workforce system that can handle increases in load while maintaining effective performance without redesigning the whole thing or &quot;rebuilding the plane.&quot;</p>
<p>Our dual leadership approach sets up our management with increased load and changing priorities in mind. Both people have more wiggle room to anticipate and adjust. It may seem superfluous to have Engineering People Managers in a small organization; however, this prepares for future growth with a relatively lean solution without the extra complexity.</p>
<p>Like all scalable solutions, there is the upfront investment of time and money. However, the benefits will far outweigh the costs in the long run since building on scalable systems is typically less expensive than trying to adapt or redesign less agile systems.</p>
<p>While reflecting on our engineering workplace systems and how they came to be, we recognized that many were organically built out of having a remote workplace, autonomous teams, and the driving values of flexibility and inclusion. We will continue to design practices with these things in mind.</p>
<p>All in all, when looked at with a holistic lens, building an engineering workplace culture has several considerations that are similar to those we focus on when designing software systems. The obvious difference is that instead of functions and data, we are dealing with actual people with feelings and ever-changing wants and needs. That is why it is important to once again acknowledge that no two workplaces are the same and there are no perfect solutions, but we hope that these few points lead to thoughtful reflection on how organizations can improve their engineering workplace experience.</p>
<p>If this sounds like a culture you'd like to be a part of, check out our <a href="https://www.abetterinternet.org/careers/">open jobs</a>!</p>
<p>ISRG is a 501(c)(3) nonprofit organization that is 100% supported through the generosity of those who share our vision for ubiquitous, open Internet security. If you'd like to support our work, please consider <a href="https://www.abetterinternet.org/getinvolved/">getting involved</a>, <a href="https://www.abetterinternet.org/donate/">donating</a>, or encouraging your company to <a href="https://www.abetterinternet.org/sponsor/">become a sponsor</a>.</p>]]></description>
        <guid isPermaLink="true">https://www.abetterinternet.org/post/eng-culture-at-isrg/</guid>
      </item><item>
        <title>A Year-End Letter from our Executive Director</title>
        <link>https://www.abetterinternet.org/post/ed-letter-2022/</link>
        <pubDate>Mon, 05 Dec 2022 12:00:00 +0000</pubDate>
        <description><![CDATA[<p><em>This letter was originally published in our <a href="https://www.abetterinternet.org/documents/2022-ISRG-Annual-Report.pdf">2022 annual report</a>.</em></p>
<p>The past year at ISRG has been a great one and I couldn't be more proud of our staff, community, funders, and other partners that made it happen. <a href="https://letsencrypt.org/">Let's Encrypt</a> continues to thrive, serving more websites around the world than ever before with excellent security and stability.</p>
<p>A particularly big moment was when Let's Encrypt surpassed 300,000,000 websites served. When I was informed that we had reached that milestone, my first reaction was to be excited and happy about how many people we've been able to help. My second reaction, following on quickly after the first, was to take a deep breath and reflect on the magnitude of the responsibility we have here.</p>
<p>The way ISRG is translating that sense of responsibility to action today is probably best described as a focus on agility and resilience. We need to assume that, despite our best efforts trying to prevent issues, unexpected and unfortunate events will happen and we need to position ourselves to handle them.</p>
<p>Back in March of 2020 Let's Encrypt needed to respond to a compliance incident that affected nearly three million certificates. That meant we needed to get our subscribers to renew those three million certificates in a very short period of time or the sites might have availability issues. We dealt with that incident pretty well considering the remediation options available, but it was clear that incremental improvements would not make enough of a difference for events like this in the future. We needed to introduce systems that would allow us to be significantly more agile and resilient going forward.</p>
<p>Since then we've developed a specification for <a href="https://datatracker.ietf.org/doc/draft-ietf-acme-ari/00/">automating certificate renewal signals</a> so that our subscribers can handle revocation/renewal events as easily as they can get certificates in the first place (it just happens automatically in the background!). That specification is making its way through the IETF standards process so that the whole ecosystem can benefit, and we plan to deploy it in production at Let's Encrypt shortly. Combined with other steps we've taken in order to more easily handle renewal traffic surges, Let's Encrypt should be able to respond on a whole different level the next time we need to ask significant numbers of subscribers to renew early.</p>
<p>This kind of work on agility and resilience is critical if we're going to improve security and privacy at scale on the Web.</p>
<p>Our <a href="https://divviup.org/">Divvi Up</a> team has made a huge amount of progress implementing a new service that will bring privacy respecting metrics to millions of people. Applications collect all kinds of metrics: some of them are sensitive, some of them aren't, and some of them seem innocuous but could reveal private information about a person. We're making it possible for apps to get aggregated, anonymized metrics that give insight at a population level while protecting the privacy of the people who are using those apps. Everybody wins - users get great privacy and apps get the metrics they need without handling individual user data. As we move into 2023, we'll continue to grow our roster of beta testers and partners.</p>
<p>Our <a href="https://www.memorysafety.org/">Prossimo</a> project started in 2020 with a clear goal: move security sensitive software infrastructure to memory safe code. Since then, we've gotten a lot of code written to improve memory safety on the Internet.</p>
<p>We're ending the year with <a href="https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8aebac82933ff1a7c8eede18cab11e1115e2062b">Rust support being merged into the Linux kernel</a> and the completion of a <a href="https://github.com/memorysafety/ntpd-rs">memory safe NTP client and server implementation</a>. We're thrilled about the potential for a more memory safe kernel, but now we need to see the development of drivers in Rust. We're particularly excited about an <a href="https://lpc.events/event/16/contributions/1180/attachments/1017/1961/deck.pdf">NVMe driver</a> that shows excellent initial performance metrics while coming with the benefit of never producing a memory safety bug. We are actively working to make similar progress on <a href="https://www.memorysafety.org/initiative/rustls/">Rustls</a>, a high-performance TLS library, and <a href="https://www.memorysafety.org/initiative/dns/">Trust-DNS</a>, a fully recursive DNS resolver.</p>
<p>All of this is made possible by charitable contributions from people like you and organizations around the world. Since 2015, tens of thousands of people have given to our work. They've made a case for corporate sponsorship, given through their DAFs, or set up recurring donations. That's all added up to $17M that we've used to change the Internet for nearly everyone using it. I hope you'll join these people and support us financially if you can.</p>]]></description>
        <guid isPermaLink="true">https://www.abetterinternet.org/post/ed-letter-2022/</guid>
      </item><item>
        <title>Remembering Peter Eckersley</title>
        <link>https://www.abetterinternet.org/post/remembering-peter-eckersley/</link>
        <pubDate>Mon, 12 Sep 2022 00:00:00 +0000</pubDate>
        <description><![CDATA[
<div class="main-article">
  <div class="card border-0 pic-quote-right">
    <img alt="Peter Eckersley Poster" class="rounded mx-auto img-fluid" src="/images/blog/peter-eckersley.png" />
    <div class="pic-quote-right__caption">Artwork by Hugh D’Andrade</div>
  </div>

  <p>Peter Eckersley, a Let’s Encrypt co-founder, passed away unexpectedly on September 2nd from complications of cancer treatment. As an incredibly kind, bright, and energetic person, he was a beloved member of the community of people working to make the Internet a better place. He played an important role in the founding of Let’s Encrypt and his loss is felt deeply by many in our organization.</p>

  <p>Peter met Alex Halderman at the RSA Conference in 2012 and the two of them started to make plans for technology to automate the process of acquiring HTTPS certificates. This work included early designs for what would become the ACME protocol. Peter and Alex later teamed up with a parallel effort by Josh Aas and Eric Rescorla at Mozilla, and the four of us worked together to create a new automated public benefit CA. The result was Let’s Encrypt, which began service in 2015.</p>

  <p>Peter also led the development of the initial ACME client, which would eventually become Certbot. In a reflection of Peter’s vision for making the Internet secure by default, Certbot aims to fully automate HTTPS deployment, rather than simply procure a certificate. Today, Certbot is among the most popular ACME clients, and it is developed and maintained by Peter’s former team at the Electronic Frontier Foundation (EFF).</p>

  <p>Peter was a member of our Board of Directors for several years. We greatly valued his contributions as a Director, but one of the memories from that time that makes us smile the most is Peter’s habit of showing up to board meetings with a messenger bag over his shoulder, helmet hair, and rosy cheeks from arriving by bike.</p>

  <p>Making change at scale on the Internet is not easy. One way to get it done is to be both a dreamer and someone who possesses the deep technical knowledge necessary to bring dreams to reality. Peter was one of those people, and we’re grateful to have been able to work with him.</p>

  <p>We hope to honor Peter’s life by letting the qualities we admired so much in him - his energy, optimism, kindness, and pursuit of knowledge - inspire our efforts going forward.</p>

  <p>Peter's longtime friend and colleague Seth Schoen, who was among the earliest contributors to Let’s Encrypt and Certbot, further memorializes Peter in a <a href="https://community.letsencrypt.org/t/peter-eckersley-may-his-memory-be-a-blessing/183854">post on our community forum</a>.</p>
</div>]]></description>
        <guid isPermaLink="true">https://www.abetterinternet.org/post/remembering-peter-eckersley/</guid>
      </item><item>
        <title>Christine Runnegar is Elected to Chair ISRG’s Board of Directors</title>
        <link>https://www.abetterinternet.org/post/2022-08-30-christine-runnegar-board-chair-2022/</link>
        <pubDate>Tue, 30 Aug 2022 12:00:00 +0000</pubDate>
        <description><![CDATA[<p>Christine Runnegar has recently assumed ISRG's Board Chair duties. Please join me in welcoming her to this new role.</p>
<p>As a member of the ISRG Board of Directors since <a href="https://www.abetterinternet.org/post/welcoming-christine-runnegar/">2018</a>, Christine has contributed meaningfully to our organization. She brings an international perspective to pressing issues related to security and privacy through a career that has spanned several continents, most recently at Internet Society. Her experience helps us respond to the needs of a global internet.</p>
<p>Christine deeply values the ISRG's committed public interest role of providing a trusted, reliable and sustainable home for public-benefit digital infrastructure projects such as <a href="https://letsencrypt.org/">Let's Encrypt</a>, <a href="https://www.memorysafety.org/">Prossimo</a>, and <a href="https://divviup.org/">Divvi Up</a>. Throughout her career, she has pursued roles that have advanced the public interest, whether as a lawyer for the Australian government in competition and consumer protection or anti-spam litigation, or by promoting policy, legal or technical solutions that improve the privacy and security of individuals when they go online.</p>
<p>As Senior Director, Internet Trust at the Internet Society, Christine has contributed to the work of the Organisation for Economic Cooperation and Development (OECD), Council of Europe, The African Union, APEC, and other stakeholders in developing better public policy for digital security and privacy, for the protection of Internet users. She serves on the International Association of Privacy Practitioners (IAPP) Privacy Engineering Section Advisory Board and as chair of the W3C Privacy Interest Group (PING), which reviews the privacy risks and features of web specifications. Christine has also served on the Permanent Stakeholders Group of the European Union Agency for Cybersecurity (ENISA), providing strategic direction for the organization's work, and as an expert in the Stiftung Neue Verantwortung (SNV) Transatlantic Cyber Forum.</p>
<p>In addition, Christine's expertise in policy development has benefited ISRG. The Board has taken on the recent task of updating our bylaws, a job that Christine led. Her enthusiasm and diligence in this process helped us to bring more clarity to our governance.</p>
<p>It has been wonderful for me to get to know Christine over the last five years, and I look forward to working with her in this new role.</p>
<p>ISRG is a 501(c)(3) nonprofit organization that is 100% supported through the generosity of those who share our vision for ubiquitous, open Internet security. If you'd like to support our work, please consider <a href="/getinvolved/">getting involved</a>, <a href="/donate/">donating</a>, or encouraging your company to <a href="/sponsor/">become a sponsor</a>.</p>]]></description>
        <guid isPermaLink="true">https://www.abetterinternet.org/post/2022-08-30-christine-runnegar-board-chair-2022/</guid>
      </item><item>
        <title>A Profile of Richard Barnes, ISRG Director</title>
        <link>https://www.abetterinternet.org/post/introducing-richard-barnes/</link>
        <pubDate>Wed, 20 Apr 2022 12:00:00 +0000</pubDate>
        <description><![CDATA[<div class="card border-0 pic-quote-right headshot-card">
  <img alt="Richard Barnes" class="rounded z-depth-3 img-fluid mb-2" src="/images/blog/Richard-Barnes.jpg" />
  <blockquote class="blockquote">
    <span class="quote"></span>
    <div class="quote-text">
      <p class="font-italic lh-170">The idea that you can put sensitive data into a system and be able to get an accurate summary of that data without people having access to the specifics is very useful.</p>
      <footer class="blockquote-footer"><cite title="Source Title">Richard Barnes</cite></footer>
    </div>
  </blockquote>
</div>
<p>Richard Barnes has been a Director on ISRG's board since 2017 and has been involved with our work for much longer. In fact, Richard wrote the original version of the <a href="https://github.com/letsencrypt/boulder">boulder</a> codebase that runs Let's Encrypt. Josh Aas and Eric Rescorla, two of the founders of Let's Encrypt, approached him at an IETF meeting to discuss how to develop the Certificate Authority (CA) codebase. They'd all heard good things about Go, a relatively new language, so Richard did some tutorials and wrote the first version of boulder on the long flight home from the IETF meeting. A few lines of that original code are still in production today!</p>
<p>Richard also played an important role in driving the <a href="https://datatracker.ietf.org/doc/html/rfc8555">standardization</a> process for the Automated Certificate Management Environment (ACME) protocol that underpins our certificate issuance. &quot;I saw the opportunity for this to be a standard that could be useful across the ecosystem. We wanted Let's Encrypt to be a beacon for operational best practices for all of the Web PKI,&quot; said Richard. He helped the ACME protocol to become <a href="https://www.rfc-editor.org/rfc/rfc8555.txt">an IETF RFC</a>, ensuring a process of open discussion and collaboration. Since the standardization process, ACME has been adopted by several CAs in addition to Let's Encrypt.</p>
<p>Today, ISRG is going through a process that is quite similar to standardizing ACME with the development of <a href="http://divviup.org">Divvi Up</a>, a new service that enables privacy-respecting metrics collection. Divvi Up uses the Privacy Preserving Metrics (PPM) protocol, which is being <a href="https://datatracker.ietf.org/doc/charter-ietf-ppm/">standardized in the IETF</a> currently. &quot;This is a process that involves rough consensus and running code. What gave ACME a lot of power was that it was running in Let's Encrypt infrastructure while we were working on it in the IETF. When people said things couldn't be done we had working proof that it could,&quot; Richard noted. ISRG began operating the predecessor to PPM in late 2020 for Covid-19 exposure notification apps, and is <a href="https://github.com/abetterinternet/janus">now building</a> the Divvi Up service to mirror the IETF specification.</p>
<p>Richard observed that the impact of Divvi Up on Internet security and privacy could be quite large. &quot;The idea that you can put sensitive data into a system and be able to get an accurate summary of that data without people having access to the specifics is very useful,&quot; he said, &quot;For example, if independent review boards get wind of this, it could revolutionize science. Scientists could get exact summaries of the information without people having to give up their exact data.&quot;</p>
<p>In the four years that Richard has been a member of ISRG's Board, our organization and impact have both grown. &quot;I am proud that we have built and maintained a piece of critical infrastructure in Let's Encrypt and extended that success to other domains with Divvi Up and <a href="http://memorysafety.org">Prossimo</a>. We have proven that a small, focused organization can have an impact on the internet. You can do a lot with not a lot if you are really focused about it,&quot; he concluded. We're grateful to Richard for his continued role in helping us achieve our mission.</p>
<p>ISRG is a 501(c)(3) nonprofit organization that is 100% supported through the generosity of those who share our vision for ubiquitous, open Internet security. If you'd like to support our work, please consider <a href="/getinvolved/">getting involved</a>, <a href="/donate/">donating</a>, or encouraging your company to <a href="/sponsor/">become a sponsor</a>.</p>]]></description>
        <guid isPermaLink="true">https://www.abetterinternet.org/post/introducing-richard-barnes/</guid>
      </item><item>
        <title>Let’s Encrypt Receives the Levchin Prize for Real-World Cryptography</title>
        <link>https://www.abetterinternet.org/post/receiving-the-levchin-prize/</link>
        <pubDate>Wed, 13 Apr 2022 00:00:00 +0000</pubDate>
        <description><![CDATA[
<p class="font-italic">On April 13, 2022, the Real World Crypto steering committee presented the Max Levchin Prize for Real-World Cryptography to Let’s Encrypt. The following is the speech delivered by our Executive Director, Josh Aas, upon receiving the award. We’d like to <a href="/levchin-prize">thank our community for supporting us and invite you to join us</a> in making the Internet more secure and privacy-respecting for everyone.</p>

<main>
  <p>Thank you to the <a href="http://rwc.iacr.org/2022/">Real World Crypto</a> steering committee and to <a href="https://rwc.iacr.org/LevchinPrize/">Max Levchin</a> for this recognition. I couldn’t be more proud of what our team has accomplished since we started working on Let’s Encrypt back in 2013.</p>

  <p>My first temptation is to name some names, but there are so many people who have given a significant portion of their lives to this work over the years that the list would be too long. You know who you are. I hope you’re as proud as I am at this moment.</p>

  <p>
    Let’s Encrypt is currently used by more than <a href="https://letsencrypt.org/stats/#growth">280 million websites</a>, <a href="https://letsencrypt.org/stats/#daily-issuance">issuing between two and three million certificates per day</a>. I often think about how we got here, looking for some nugget of wisdom that might be useful to others. I’m not sure I’ve really come up with anything particularly profound, but I’m going to give you my thoughts anyway. Generally speaking: we started with a
    pretty good idea, built a strong team, stayed focused on what’s important, and kept ease of use in mind every step of the way.
  </p>

  <p>Let’s Encrypt ultimately came from a group of people thinking about a pretty daunting challenge. The billions of people living increasingly large portions of their lives online deserved better privacy and security, but in order to do that we needed to convince hundreds of millions of websites to switch to HTTPS. Not only did we want them to make that change, we wanted most of them to make the change within the next three to five years.</p>

  <div class="card border-0 pic-quote-right">
    <img alt="Levchin Prize Trophy" class="rounded z-depth-3 img-fluid mb-4" src="/images/blog/Levchin-Prize.jpg" />
  </div>

  <p>
    We thought through a lot of options but in the end we just didn’t see any other way than to build what became Let’s Encrypt. In hindsight building Let’s Encrypt seems like it was a good and rewarding idea, but at the time it was a frustrating conclusion in many ways. It’s not an easy solution to commit to. It meant standing up a new organization, hiring at least a dozen people, understanding a lot of details about how to operate a CA, building some fairly intense technical systems, and
    setting all of it up to operate for decades. Many of us wanted to work on this interesting problem for a bit, solve it or at least put a big dent in it, and then move on to other interesting problems. I don’t know about you, but I certainly didn’t dream about building and operating a CA when I was younger.
  </p>

  <p>
    It needed to be done though, so we got to work. We built a great team that initially consisted of mostly volunteers and very few staff. Over time that ratio reversed itself such that most people working on Let’s Encrypt on a daily basis are staff, but we’re fortunate to continue to have a vibrant community of volunteers who do work ranging from translating our website and providing assistance on our community forums, to maintaining the dozens (maybe hundreds?) of client software options out
    there.
  </p>

  <p>
    Today there are just 11 engineers working on Let’s Encrypt, as well as a small team handling fundraising, communication, and administrative tasks. That’s not a lot of people for an organization serving hundreds of millions of websites in every country on the globe, subject to a fairly intense set of industry rules, audits, and high expectations for security and reliability. The team is preparing to serve as many as 1 billion websites. When that day comes to pass the team will be larger, but
    probably not much larger. Efficiency is important to us, for a couple of reasons. The first is principle - we believe it’s our obligation to do the most good we can with every dollar entrusted to us. The second reason is necessity - it’s not easy to raise money, and we need to do our best to accomplish our mission with what’s available to us.
  </p>

  <p>It probably doesn’t come as a surprise to anyone here at Real World Crypto that ease of use was critical to any success we’ve had in applying cryptography more widely. Let’s Encrypt has a fair amount of internal complexity, but we expose users to as little of that as possible. Ideally it’s a fully automated and forgettable background task even to the people running servers.</p>

  <p>
    The fact that Let’s Encrypt is free is a huge factor in ease of use. It isn’t even about how much money people might be willing or able to pay, but any financial transaction requirement would make it impossible to fully automate our service. At some point someone would have to get a credit card and manage payment information. That task ranges in complexity from finding your wallet to obtaining corporate approval. The existence of a payment in any amount would also greatly limit our
    geographic availability because of sanctions and financial logistics.
  </p>

  <p>All of these factors led to the decision to form <a href="/">ISRG, a nonprofit entity</a> to support Let’s Encrypt. Our ability to provide this global, reliable service is all thanks to the people and companies who believe in TLS everywhere and have supported us financially. I’m so grateful to all of our contributors for helping us.</p>

  <p>Our service is pretty easy to use under normal circumstances, but we’re not done yet. We can be better about handling exceptional circumstances such as large revocation events. Resiliency is good. Automated, smooth resiliency is even better. That’s why I’m so excited about the <a href="https://www.ietf.org/id/draft-aaron-acme-ari-02.txt">ACME Renewal Info</a> work we’re doing in the IETF now, which will go into production over the next year.</p>

  <p>
    Everyone here has heard it before, but I’ll say it again because we can’t afford to let it slip our minds. Ease of use is critical for widespread adoption of real world cryptography. As we look toward the future of ISRG, our new projects will have ease of use at their core. In fact, you can learn about our newest project related to privacy-preserving measurement at two of this afternoon’s sessions! Getting ease of use right is not just about the software though. It’s a sort of pas de trois,
    a dance for three, between software, legal, and finance, in order to achieve a great outcome.
  </p>

  <p>Thank you again. This recognition means so much to us.</p>
</main>

<!-- <hr /> -->
<div class="mt-5 p-4 bg-primary text-white fw-light">
  <h4 class="text-white">Supporting Let’s Encrypt</h4>
  <p class="fon t-italic">
    As a nonprofit project, 100% of our funding comes from contributions from our community of users and supporters. We depend on their support in order to provide our services for the public benefit. If your company or organization would like to <a href="/sponsor/">sponsor</a> Let’s Encrypt please email us at <a href="mailto:sponsor@letsencrypt.org">sponsor@letsencrypt.org</a>. If you can support us with a <a href="https://letsencrypt.org/donate/">donation</a>, we ask that you make an
    individual contribution.
  </p>
</div>]]></description>
        <guid isPermaLink="true">https://www.abetterinternet.org/post/receiving-the-levchin-prize/</guid>
      </item><item>
        <title>New Major Funding from the Ford Foundation</title>
        <link>https://www.abetterinternet.org/post/ford-foundation/</link>
        <pubDate>Fri, 25 Feb 2022 00:00:00 +0000</pubDate>
        <description><![CDATA[
<div class="card border-0 pic-quote-right mb-2">
  <blockquote class="blockquote">
    <span class="quote"></span>
    <div class="quote-text">
      <p class="font-italic lh-170">ISRG's pragmatic, public-interest approach to Internet security has fundamentally changed the web at an astonishing scale and pace.</p>
      <footer class="blockquote-footer"><cite title="Source Title">Michael Brennan</cite>, Ford Foundation</footer>
    </div>
  </blockquote>
</div>

<p>The Internet has considerable potential to help build a more just, equitable, and sustainable world for all people. Yet for everyone online&mdash;and indeed the billions not yet online&mdash;barriers to secure and privacy-respecting communication remain pervasive.</p>

<p>ISRG was founded in 2013 to find and eliminate these barriers. Today, we&rsquo;re proud to announce a $1M grant from the <a href="https://www.fordfoundation.org/" target="_blank" rel="noopener noreferrer">Ford Foundation</a> to continue our efforts.</p>

<p>Our first project, Let&rsquo;s Encrypt, leverages technology whose foundation has existed for nearly three decades&mdash;TLS certificates for securely communicating information via HTTP. Yet even for people well-versed in technology, adopting TLS proved daunting.</p>

<p>Before Let&rsquo;s Encrypt, the growth rate for HTTPS page loads merely puttered along. As recently as 2013, just 25% of websites used HTTPS. In order for the Internet to reach its full potential, this glaring risk to people&rsquo;s security and privacy needed to be mitigated.</p>

<p>Let&rsquo;s Encrypt changed the paradigm. Today <a href="https://letsencrypt.org/stats/">81%</a> of website page loads use HTTPS. That means that you and the other 4.9 billion people online can leverage the Internet for your own pursuits with a greater degree of security and privacy than ever before.</p>

<p>But TLS adoption was just one hurdle. Much can be done to further improve the Internet&rsquo;s most critical pieces of technology to be more secure; much can be done to further improve the privacy of everyone using the Internet today.</p>

<p><em>Building our efforts thanks to transformational support</em></p>

<p>Ford Foundation&rsquo;s commitment recognizes that the Internet can be a technological tool to build a more just, equitable, and sustainable world, but that it will take organizations like ISRG to help build it.</p>

<p>&ldquo;Ford Foundation is one of the most respected grantmaking institutions in the world,&rdquo; Josh Aas, ISRG Executive Director, said. &ldquo;We are proud that Ford believes in the impact we&rsquo;ve created and the potential of our efforts to continue benefiting everyone using the Internet.&rdquo;</p>

<p>This support, which began in 2021, will help ISRG continue to invest in Let&rsquo;s Encrypt and our other projects, Prossimo and Divvi Up.</p>

<p>
  Launched in late 2020, <a href="https://www.memorysafety.org/">Prossimo</a> intends to move the Internet&apos;s most critical security-sensitive software infrastructure to memory safe code. Society pays the price for memory safety vulnerabilities with privacy violations, staggering financial losses, denial of public services (e.g., hospitals, power grids), and human rights violations. Meaningful effort will be required to bring about such change, but the Internet will be around for a long time. There
  is time for ambitious efforts to pay off.
</p>

<p><a href="https://www.abetterinternet.org/divviup/">Divvi Up</a> is a system for privacy-preserving metrics analysis. With Divvi Up, organizations can analyze and share data to further their aims without sacrificing their users&rsquo; privacy. Divvi Up is currently used for COVID-19 Exposure Notification apps and has processed over 14 billion metrics to aid Public Health Authorities to better hone their app to be responsive to their local populations.</p>

<p>&quot;ISRG&apos;s pragmatic, public-interest approach to Internet security has fundamentally changed the web at an astonishing scale and pace,&quot; Michael Brennan of the Ford Foundation said. &quot;I believe their new projects have the same potential and I am eager to see what they turn their sights to next.&quot;</p>

<p>
  We&rsquo;re grateful to Ford for their support of our efforts, and to all of you who have contributed time and resources to our projects. For more information on ISRG and our projects, take a read through our <a href="https://www.abetterinternet.org/documents/2021-ISRG-Annual-Report.pdf">2021 Annual Report</a>. 100% of ISRG&rsquo;s funding comes from contributed sources. If you or your organization are interested in helping advance our mission, consider
  <a href="https://www.abetterinternet.org/sponsor/">becoming a sponsor</a>, making a <a href="https://www.abetterinternet.org/donate/">one-time contribution</a>, or reaching out with your idea on how you can help financially support our mission at <a href="mailto:sponsor@abetterinternet.org">sponsor@abetterinternet.org</a>.
</p>]]></description>
        <guid isPermaLink="true">https://www.abetterinternet.org/post/ford-foundation/</guid>
      </item><item>
        <title>Introducing Sarah Heil, ISRG’s CFO</title>
        <link>https://www.abetterinternet.org/post/introducing-new-cfo/</link>
        <pubDate>Thu, 10 Feb 2022 00:00:00 +0000</pubDate>
        <description><![CDATA[
<div class="card border-0 pic-quote-right">
  <img alt="Sarah Heil" class="rounded z-depth-3 img-fluid mb-2" src="/images/Sarah-Heil.jpg" />
  <blockquote class="blockquote">
    <span class="quote"></span>
    <div class="quote-text">
      <p class="font-italic lh-170">I thrive creating and building systems, policies, and processes from the ground up.</p>
      <footer class="blockquote-footer"><cite title="Source Title">Sarah Heil</cite>, ISRG CFO</footer>
    </div>
  </blockquote>
</div>

<p>We’re pleased to welcome Sarah Heil as our Chief Financial Officer.</p>

<p>Sarah brings a strong focus on systems and efficiency, which is part of what makes her a great fit for ISRG. We are a systems-building organization that prioritizes benefiting from well-constructed and thoughtful tools. We take this approach across our organization, from engineering to finance and accounting. “I thrive creating and building systems, policies, and processes from the ground up,” Heil said in regard to what drew her to ISRG.</p>

<p>In her previous work in both for-profit and nonprofit settings (most recently at the American Civil Liberties Union of Minnesota), Sarah has approached financial management holistically, seeking to understand the organization’s context. “I love the fact that what we do at ISRG is so vitally important and that most people using the Internet never need to know about it. I’m impressed by how widespread our impact is,” she said.</p>

<p>
  ISRG has been on a path of growth since our early days, thanks to the widespread enthusiasm for our Let’s Encrypt TLS certificates. The launch of two <a href="https://divviup.org">new projects</a> in 2021 has created new complexity for our organization, but also opportunity. “My belief with nonprofit management is that you need to be secure, stable, and able to expand responsibly. It’s about planning and looking as far out as you can, but it’s also important to have the ability to reevaluate
  and pivot with change,” said Heil. We’re so glad to have Sarah here to help us plan, prepare for, and create the future of ISRG!
</p>]]></description>
        <guid isPermaLink="true">https://www.abetterinternet.org/post/introducing-new-cfo/</guid>
      </item><item>
        <title>A Year-End Letter from our Executive Director</title>
        <link>https://www.abetterinternet.org/post/ed-letter-2021/</link>
        <pubDate>Thu, 16 Dec 2021 00:00:00 +0000</pubDate>
        <description><![CDATA[<p><em>This letter was originally published in our <a href="https://www.abetterinternet.org/annual-reports/">2021 annual report</a>.</em></p>
<p>We can do a lot to improve security and privacy on the Internet by taking existing ideas and applying them in ways that benefit the general public at scale. Our work certainly does involve some research, as our name implies, but the success that we’ve had in pursuing our mission largely comes from our ability to go from ideas to implementations that improve the lives of billions of people around the world.</p>
<p>Our first major project, <a href="https://letsencrypt.org/">Let’s Encrypt</a>, now helps to protect more than <a href="https://letsencrypt.org/stats/">260 million websites</a> by offering free and fully automated TLS certificate issuance and management. Since it launched in 2015, encrypted page loads have gone from under 40% to 92% in the U.S. and 83% globally.</p>
<p>We didn’t invent certificate authorities. We didn’t invent automated issuance and management. We refined those ideas and applied them in ways that benefit the general public at scale.</p>
<p>We launched our <a href="https://www.memorysafety.org/">Prossimo</a> project in late 2020. Our hope is that this project will greatly improve security and privacy on the Internet by making memory safety vulnerabilities in the Internet’s most critical software a thing of the past. We’re bringing a healthy dose of ambition to the table and we’re backing it up with effective strategies and strong partnerships.</p>
<p>Again, we didn’t invent any memory safe languages or techniques, and we certainly didn’t invent memory safety itself. We’re simply taking existing ideas and applying them in ways that benefit the general public at scale. We’re getting the work done.</p>
<p>With our latest project, <a href="https://www.abetterinternet.org/divviup/">Divvi Up</a> for Privacy Preserving Metrics (PPM), the core ideas are a bit newer than the ideas behind our other projects, but we didn’t invent them either. Over the past decade or so some bright people have come up with a way to resolve the tension between <em>wanting</em> to collect metrics about populations and <em>needing</em> to collect data about individuals.</p>
<p>We believe those ideas have matured enough that it’s time to deploy them to the public’s benefit. We started by building and <a href="https://www.abetterinternet.org/post/prio-services-for-covid-en/">deploying a PPM service</a> for Covid-19 Exposure Notification applications in late 2020, in partnership with Apple, Google, the Bill &amp; Melinda Gates Foundation and the Linux Foundation. We’re expanding that service so any application can collect metrics in a privacy-preserving way.</p>
<p>Being ready to bring ideas to life means a few different things.</p>
<p>We need to have an excellent engineering team that knows how to build services at scale. It’s not enough to just build something that works - the quality and reliability of our work needs to inspire confidence. People need to be able to rely on us.</p>
<p>We also need to have the experience, perspective, and capacity to effectively consider ideas. We are not an organization that “throws things at the wall to see what sticks.” Between our staff, our board of directors, our partners, and our community, we’re able to do a great job evaluating opportunities to understand technical feasibility, potential impact, and alignment with our public benefit mission—to reduce financial, technological, and educational barriers to secure communication over the Internet.</p>
<p>Administrative and communications capabilities are essential. From fundraising and accounting to legal and social media, our administrative teams exist in order to support and amplify the critical work that we do. We're proud to run a financially efficient organization that provides services for billions of people on only a few million dollars each year.</p>
<p>Finally, it means having the financial resources we need to function. As a nonprofit, 100% of our funding comes from charitable contributions from people like you and <a href="https://www.abetterinternet.org/sponsors/">organizations</a> around the world. But global impact doesn’t necessarily require million-dollar checks: since 2015, tens of thousands of people have given to our work. They’ve made a case for <a href="https://www.abetterinternet.org/sponsor/">corporate sponsorship</a>, given through their DAFs, or set up recurring <a href="https://www.abetterinternet.org/donate/">donations</a>, sometimes to give $3 a month. That’s all added up to $17M that we’ve used to change the Internet for nearly everyone using it. I hope you’ll join these people and support us financially if you can.</p>]]></description>
        <guid isPermaLink="true">https://www.abetterinternet.org/post/ed-letter-2021/</guid>
      </item><item>
        <title>Project Update and New Name for ISRG Prio Services: Introducing Divvi Up</title>
        <link>https://www.abetterinternet.org/post/prio-services-update/</link>
        <pubDate>Wed, 08 Dec 2021 00:00:00 +0000</pubDate>
        <description><![CDATA[<p>In the summer of 2020, we began building a service based on <a href="https://crypto.stanford.edu/prio/paper.pdf">Prio</a> - a cryptographic technique that enables privacy-preserving aggregation of metrics. We built it with focused engineering in the typical ISRG way and had it running in production by the end of the year. The urgency was derived from our intended use: to <a href="/post/prio-services-for-covid-en/">provide metrics</a> to the Public Health Authorities on the effectiveness of exposure notification apps used to slow the spread of Covid-19. We’ve processed over 12 billion metrics since launch.</p>
<p>We’ve continued to evolve our infrastructure based both on our experience with the Covid-19 apps and input from a larger collaboration with folks who are working to <a href="https://github.com/abetterinternet/ppm-specification">design and develop a standard protocol</a> for privacy preserving measurement. The protocol aims to include the capability to use Prio or another related technique called “<a href="https://eprint.iacr.org/2021/017.pdf">Heavy-hitters</a>.” Since two parties are required for either approach to work, it’s critical that we develop a protocol that can be widely used and standardized. As a nonprofit whose role is to advance privacy for the people using the internet, we think it’s important to have a seat at the table when design decisions are made so the public’s benefit is considered.</p>
<p>This work was recently presented at the <a href="https://datatracker.ietf.org/group/priv/">IETF</a> to begin the standardization process. The initial presentation was well received overall and we anticipate the formation of a Working Group in early 2022.</p>
<p>Meanwhile, on the technical development side, we have <a href="https://github.com/abetterinternet/ppm-prototype">an initial prototype of the protocol</a> to test assumptions made in the standard. We will continue to make the prototype more robust in coming months with the goal of having a deployment that can be tested by partners in 2022.</p>
<p>We’ve received funding from Google and Facebook to develop our work. Thank you! We are seeking additional funding to support the engineering and operational cost of developing this service.</p>
<p>Last, the name of our service is changing!</p>
<div style="text-align: center">
    <img class="img-fluid" alt="Divvi Up Logo" style="max-height: 200px; padding: 40px 0px" src="/images/divviup/Divvi-Up-Large-Full-Color-Logo.png" />
</div>
<p>We’ve renamed our project to <a href="/divviup/">Divvi Up</a> in order to differentiate our service from the protocol itself. The name Divvi Up derives from a core concept of this work where data must be divided into shares.</p>
<p>ISRG is a 501(c)(3) nonprofit organization that is 100% supported through the generosity of those who share our vision for ubiquitous, open Internet security. If you’d like to support our work, please consider <a href="/getinvolved/">getting involved</a>, <a href="/donate/">donating</a>, or encouraging your company to <a href="https://www.abetterinternet.org/sponsor/">become a sponsor</a>.</p>]]></description>
        <guid isPermaLink="true">https://www.abetterinternet.org/post/prio-services-update/</guid>
      </item><item>
        <title>ISRG Prio Services for Preserving Privacy in COVID-19 EN Apps</title>
        <link>https://www.abetterinternet.org/post/prio-services-for-covid-en/</link>
        <pubDate>Fri, 04 Jun 2021 00:00:00 +0000</pubDate>
        <description><![CDATA[<p>ISRG serves as one of the data processors in the Prio-based privacy-preserving metrics system used by Apple and Google’s Exposure Notifications Express (ENX) system. Along with our partners, we have designed a system that protects privacy while providing useful data, we’ve created a production-quality implementation, and we operate our service efficiently and reliably. We have been participating in this collaboration since 2020 and see this as a great example of Prio as a useful privacy tool.</p>
<p>There is <a href="https://www.nature.com/articles/s41586-021-03606-z">strong evidence</a> that effective app-based contact tracing can help slow the spread of COVID-19. The role of <a href="https://covid19-static.cdn-apple.com/applications/covid19/current/static/contact-tracing/pdf/ENPA_White_Paper.pdf">Exposure Notification Private Analytics</a> (ENPA) is to enable the Public Health Authorities (PHAs) administering an ENX app to collect aggregate metrics while protecting the privacy of each individual person using the app. These metrics can help with the epidemiological response based on new trends in the spread of COVID-19. For example, ENPA can provide the total number of exposure notification alerts displayed to users without exposing how many alerts each individual’s device has received, or whether a particular device has displayed alerts at all. This information can help PHAs better understand the effectiveness of the system and adjust the parameters they provide for ENX if appropriate. ENPA is available for people using a supported iOS or Android phone, though they must opt in once their state’s PHA has decided to participate.</p>
<p>On a person’s device, ENPA data is divided into two shares in such a way that a person’s data is not intelligible without both shares. While the data is still on the device, one share is encrypted using an encryption key from ISRG, and the other is encrypted with a key from the National Institutes of Health (NIH). The data shares are then sent to ingestion servers operated by Google and Apple. The ingestion servers cannot decrypt the data shares, but they can do device authenticity verification and load balancing. Once any such functions are performed, the data shares are then passed on to ISRG and NIH. Once we get our share, we sum it into a partial aggregate sum. NIH does the same with their share. The ISRG and NIH partial aggregate sums are then sent to a server operated by MITRE, where they are combined into a complete set of metrics that can be viewed by PHAs.</p>
<p>This Prio-based process ensures that individual user data is never accessible in an intelligible form once it leaves the user's device, yet useful aggregate metrics are provided to PHAs. To see exactly how it works, check out ISRG’s <a href="https://github.com/abetterinternet/prio-server">open source implementation</a>.</p>
<p><img src="/images/2021.06.04-ENPA-Service-Flow.png" alt="ENPA Service Flow" title="ENPA Service Flow"></p>
<p>Through this collaboration we are pleased to see that Prio can work seamlessly at scale; ISRG has aggregated over two billion device metrics as part of the ENPA system. ENPA is currently deployed in eleven U.S. states and Washington, D.C. and we will soon be providing this service to countries around the world to help reduce the spread of COVID-19.</p>
<p>We are <a href="https://www.abetterinternet.org/post/introducing-prio-services/">continuing to develop</a> our Prio service so it is more easily accessible to applications beyond our ENPA work and will provide updates as that happens.</p>
<p>ISRG is a 501(c)(3) nonprofit organization that is 100% supported through the generosity of those who share our vision for ubiquitous, open Internet security. If you’d like to support our work, please consider <a href="https://www.abetterinternet.org/getinvolved/">getting involved</a>, <a href="https://www.abetterinternet.org/donate/">donating</a>, or encouraging your company to <a href="https://www.abetterinternet.org/sponsor/">become a sponsor</a>.</p>]]></description>
        <guid isPermaLink="true">https://www.abetterinternet.org/post/prio-services-for-covid-en/</guid>
      </item><item>
        <title>Preparing Rustls for Wider Adoption</title>
        <link>https://www.abetterinternet.org/post/preparing-rustls-for-wider-adoption/</link>
        <pubDate>Tue, 20 Apr 2021 00:00:00 +0000</pubDate>
        <description><![CDATA[<p>SSL/TLS libraries are critical software infrastructure for the Internet. Unfortunately, most of them have a long history of serious security issues. Many of those issues stem from the fact that the libraries are usually written in languages like C, which are not <a href="https://www.memorysafety.org/docs/memory-safety/">memory safe</a>. It’s time for the Internet to move on to more secure software, and that’s why our Memory Safety Initiative is coordinating work to make further improvements to the <a href="https://github.com/ctz/rustls">Rustls TLS library</a>.</p>
<p>Rustls is an excellent alternative to OpenSSL and similar libraries. Much of its critical code is written in Rust so it’s largely memory-safe without sacrificing performance. It has <a href="https://github.com/ctz/rustls/blob/main/audit/TLS-01-report.pdf">been audited</a> and found to be a high quality implementation. Here’s one of our favorite lines from the report:</p>
<p>“Using the type system to statically encode properties such as the TLS state transition function is just one example of great defense-in-depth design decisions.”</p>
<p>With financial support from Google, we’ve contracted with Dirkjan Ochtman, an experienced Rust developer and Rustls contributor, to make a number of additional improvements to Rustls, including:</p>
<ul>
<li><a href="https://github.com/ctz/rustls/issues/447">Enforce a no-panic policy</a> to eliminate the potential for undefined behavior when Rustls is used across the C language boundary.</li>
<li>Improve the <a href="https://github.com/rustls/rustls-ffi">C API</a> so that Rustls can even more easily be integrated into existing C-based applications. Merge the C API into the main Rustls repository.</li>
<li>Add support for validating certificates that contain an IP address in the subject alternative name extension.</li>
<li>Make it possible to configure server-side connections based on client input.</li>
</ul>
<p>These improvements should make Rustls a more attractive option for many projects. We are already integrating it into <a href="https://www.abetterinternet.org/post/memory-safe-curl/">Curl</a> and <a href="https://www.abetterinternet.org/post/memory-safe-tls-apache/">Apache httpd</a>, and we hope to replace the use of OpenSSL and other unsafe TLS libraries in use at <a href="https://letsencrypt.org/">Let’s Encrypt</a> with Rustls.</p>
<p>We currently live in a world where deploying a few million lines of C code on a network edge to handle requests is standard practice, despite all of the evidence we have that such behavior is unsafe. Our industry needs to get to a place where deploying code that isn’t memory safe to handle network traffic is widely understood to be dangerous and irresponsible. People need memory safe software that suits their needs to be available to them though, and that’s why we’re getting to work.</p>
<p>ISRG is a 501(c)(3) nonprofit organization that is 100% supported through the generosity of those who share our vision for ubiquitous, open Internet security. If you’d like to support our work, please consider <a href="https://www.abetterinternet.org/getinvolved/">getting involved</a>, <a href="https://www.abetterinternet.org/donate/">donating</a>, or encouraging your company to <a href="https://www.abetterinternet.org/sponsor/">become a sponsor</a>.</p>]]></description>
        <guid isPermaLink="true">https://www.abetterinternet.org/post/preparing-rustls-for-wider-adoption/</guid>
      </item><item>
        <title>Introducing Our Newest Board Member: David Nalley</title>
        <link>https://www.abetterinternet.org/post/introducing-david-nalley/</link>
        <pubDate>Fri, 12 Mar 2021 00:00:00 +0000</pubDate>
        <description><![CDATA[
<p>We are pleased to announce that David Nalley, Principal of Open Source Strategy and Marketing at AWS, has joined the ISRG Board of Directors.</p>

<p>David brings a strong community-oriented perspective to ISRG. He has been working in open source communities for a long time and understands the important role open source plays in our society today. “Certainly for tech and software, open source is the public commons. People can freely consume from that commons, which presents both opportunity and risk,” he said.</p>

<p>
  When we launched <a href="https://letsencrypt.org/">Let’s Encrypt</a> in 2015, we expected it could take many years to move the Web to 100% encryption. We’ve been pleasantly surprised to see such <a href="https://letsencrypt.org/stats/">phenomenal progress</a> in just five years. The number of people and companies who <a href="/sponsors/">financially support</a> our work has also grown to help us maintain the high quality of service people have come to expect. As we strive to make our service
  invisible, <a href="https://www.abetterinternet.org/documents/2020-ISRG-Annual-Report.pdf">we are aware of the risk</a> of being taken for granted and are working hard to combat it through communications and ongoing improvement.
</p>

<p>
  In 2020, ISRG introduced two new projects: <a href="/divviup/">ISRG Prio Services</a>, which enables subscribers to have privacy-respecting metrics, and a project related to improving the <a href="https://www.abetterinternet.org/post/memory-safe-curl/">memory safety</a> of important software. For both efforts, the benefits will compound over a longer period of time. “I’m excited by a group that has long-term thinking on what we can have an impact on in five or 10 years,” David said. “For
  better or worse, a lot of software is focused on the next release or the imminent security bugs. But the kind of long-term thinking in which you start the project thinking you will have an impact in 10 years—it is so rare to have that kind of thinking.”
</p>

<p>Related to both the concepts of technology as the public commons and the power of long-term thinking is that of sustainability. From the start, the <a href="https://www.abetterinternet.org/about/">ISRG Board of Directors</a> has considered carefully how to build a sustainable organization, and I’m excited that David wants to contribute to that thinking. “I don’t profess to have all the answers, but I am excited to work to ensure that ISRG and Let’s Encrypt remain sustainable,” he said.</p>

<p>Please join me in welcoming David to the ISRG Board of Directors!</p>]]></description>
        <guid isPermaLink="true">https://www.abetterinternet.org/post/introducing-david-nalley/</guid>
      </item><item>
        <title>Introducing Erica Portnoy to the ISRG Board of Directors</title>
        <link>https://www.abetterinternet.org/post/introducing-erica-portnoy/</link>
        <pubDate>Wed, 17 Feb 2021 00:00:00 +0000</pubDate>
        <description><![CDATA[
<div class="card border-0 pic-quote-right">
  <img alt="Erica Portnoy" class="rounded z-depth-3 img-fluid" src="/images/erica-portnoy.jpg" />
  <div class="pt-4">
    <blockquote class="blockquote">
      <span class="quote"></span>
      <div class="quote-text">
        <p class="font-italic lh-170">We believe that privacy is a right of people and we want people on the Internet to have the same privacy that they expect offline.</p>
        <footer class="blockquote-footer">Senior Staff Technologist at EFF <cite title="Source Title">Erica Portnoy</cite></footer>
      </div>
    </blockquote>
  </div>
</div>

<p>
  Electronic Frontier Foundation (EFF) has been a strong partner and ally of our mission at ISRG from the beginning. Back in 2012, folks at EFF were working on a free and automated Certificate Authority while a few Mozillians and I were busy developing the protocol that would become ACME. We joined forces when we learned of each other’s efforts. Several wonderful EFFers have sat on our Board of Directors throughout the years, and today I am pleased to announce that the seat is filled by
  <a href="https://www.eff.org/about/staff/erica-portnoy">Erica Portnoy</a>.
</p>

<p>
  Erica brings unique insight to <a href="https://letsencrypt.org/">Let’s Encrypt</a> in her role running EFF’s <a href="https://certbot.eff.org/">Certbot</a> client. Certbot is the client we recommend most people try first because of its user friendliness and broad compatibility across operating systems. “With Certbot we are the interface between Let's Encrypt and anybody who wants to run a webserver without worrying about the details of encryption,” Erica said. In her work at EFF, Erica led an
  overhaul of the Certbot user experience to create a flow that is more accessible. “We fill a particular niche in the ecosystem of clients. Certbot is pretty interactive and feature rich; you can get a lot of information. There are other clients out there that are a basic shell script and don’t have automatic renewals.”
</p>

<p>Erica was drawn to EFF because of the organization’s mission and its intersection with her security expertise. “We believe that privacy is a right of people and we want people on the Internet to have the same privacy that they expect offline,” she noted.</p>

<p>The commitment to privacy that is shared between ISRG and EFF is part of what excites Erica about our new projects, particularly <a href="/divviup/">ISRG Prio Services</a>. “Without ISRG being there, Prio stays a fantasy in a cryptographer’s mind,” she said. “It’s an assumption that you make in a research paper that there is a nonprofit that people trust to not collude. Having a nonprofit that has the credibility and the SRE resources is an exciting intersection.”</p>

<p>Please join me in welcoming Erica to the ISRG Board of Directors!</p>]]></description>
        <guid isPermaLink="true">https://www.abetterinternet.org/post/introducing-erica-portnoy/</guid>
      </item><item>
        <title>A Memory Safe TLS Module for the Apache HTTP Server</title>
        <link>https://www.abetterinternet.org/post/memory-safe-tls-apache/</link>
        <pubDate>Tue, 02 Feb 2021 00:00:00 +0000</pubDate>
        <description><![CDATA[<div class="card border-0 pic-quote-right">
    <div class="pt-4">
        <blockquote class="blockquote">
            <span class="quote"></span>
            <div class="quote-text">
                <p class="font-italic lh-170">Apache httpd is still a critically important piece of infrastructure, 26 years after its inception. As an original co-developer, I feel a serious revamp like this has the potential to protect a lot of people and keep httpd relevant far into the future.</p>
                <footer class="blockquote-footer"><cite title="Source Title">Brian Behlendorf</cite></footer>
            </div>
        </blockquote>
    </div>
</div>
<p>The <a href="https://httpd.apache.org/">Apache HTTP Server</a>, httpd, is an important piece of the Internet’s infrastructure. Hundreds of millions of websites use it every day to serve requests. As such, improvements to httpd security have broad impact.</p>
<p>One of the biggest issues with httpd is the fact that it’s written in C, which is not a memory safe language. Memory safety issues dominate its list of <a href="https://www.cvedetails.com/vulnerability-list/vendor_id-45/product_id-66/Apache-Http-Server.html">security vulnerabilities</a>. Rewriting httpd from scratch or moving its users to a memory safe alternative would be incredibly difficult, but fortunately we can tackle httpd’s memory safety problem incrementally.</p>
<p>ISRG is starting by facilitating the creation of a new TLS module for httpd called mod_tls. The new module will use the excellent <a href="https://github.com/ctz/rustls">Rustls</a> library for TLS instead of OpenSSL. We hope that someday mod_tls will replace mod_ssl as the default in httpd.</p>
<p>We have contracted <a href="https://eissing.org/">Stefan Eissing</a> of <a href="https://www.greenbytes.de/">Greenbytes</a>, also an httpd committer, to do the work. <a href="https://www.google.com/">Google</a> has generously provided the funding.</p>
<p>We currently live in a world where deploying a few million lines of C code on a network edge to handle requests is standard practice, despite all of the evidence we have that such behavior is unsafe. Our industry needs to get to a place where deploying code that isn’t memory safe to handle network traffic is widely understood to be dangerous and irresponsible. People need memory safe software that suits their needs to be available to them though, and that’s why we’re getting to work.</p>
<p>ISRG is a 501(c)(3) nonprofit organization that is 100% supported through the generosity of those who share our vision for ubiquitous, open Internet security. If you’d like to support our work, please consider <a href="https://www.abetterinternet.org/getinvolved/">getting involved</a>, <a href="https://www.abetterinternet.org/donate/">donating</a>, or encouraging your company to <a href="https://www.abetterinternet.org/sponsor/">become a sponsor</a>.</p>]]></description>
        <guid isPermaLink="true">https://www.abetterinternet.org/post/memory-safe-tls-apache/</guid>
      </item><item>
        <title>Introducing ISRG Prio Services for Privacy Respecting Metrics</title>
        <link>https://www.abetterinternet.org/post/introducing-prio-services/</link>
        <pubDate>Wed, 18 Nov 2020 00:00:00 +0000</pubDate>
        <description><![CDATA[<p>Today we are announcing a new project for ISRG: operation of <a href="/divviup/">Prio Services</a> infrastructure. Prio Services will be a second project joining Let’s Encrypt under the ISRG umbrella.</p>
<p>Applications such as web browsers, mobile applications, and websites generate metrics. Normally they would just send all of the metrics back to the application developer, but with Prio, applications split the metrics into two anonymized and encrypted shares and upload each share to different processors that do not share data with each other. This way only minimal information about the original metrics is revealed to either processor. Each processor then aggregates its shares into a partial sum. The partial sums can then be combined into a final aggregation, permitting useful statistics over the whole body of metrics while revealing minimal information about individual users. To learn more about the foundations of Prio, we recommend reading the <a href="https://crypto.stanford.edu/prio/paper.pdf">Prio research paper by Henry Corrigan-Gibbs and Dan Boneh of Stanford University</a>.</p>
<p>We have been researching Prio technology for some time because the privacy provided by this service can deliver significant benefits to the public. Application end-users have little control over the metrics that are collected about their application usage and how that information is used by developers. When applications use systems like ISRG’s Prio Services, end-users won’t have to just trust that they are safe from an attacker stealing and disclosing their information, or a company selling their personal data, or a government collecting their information for mass surveillance. By offering low-cost and easy-to-use cryptographic privacy protection for user metrics, ISRG will be taking a significant step to protect the general public from privacy violations. It is our hope that privacy respecting metrics will become an expectation for application developers. We are excited to offer this service to lead the way.</p>
<p>ISRG will operate Prio data share processors as a service to facilitate a subscriber's private metrics systems. Our Site Reliability Engineering team maintains our <a href="https://github.com/abetterinternet/prio-server">open source data share processor</a> and operates a 24/7 on-call schedule to ensure it functions smoothly. Subscribers to ISRG's Prio Services are responsible for getting a second data share processor which implements the same protocol as ours, as well as sharing, encrypting, and uploading metrics from their applications to the data share processors and assembling the final aggregation.</p>
<p>We are in the process of building out this service for our first subscribers, whom we plan to share more information about shortly. We believe we will be the first organization to operate Prio services in a production capacity.</p>
<p>We’d like to thank Dan Boneh and Henry Corrigan-Gibbs for their incredible work developing the Prio idea and system. We’d also like to thank the people at Mozilla Firefox who have <a href="https://blog.mozilla.org/security/2019/06/06/next-steps-in-privacy-preserving-telemetry-with-prio/">begun to experiment</a> with using Prio for Firefox and sharing their experience.</p>
<p>ISRG is a 501(c)(3) nonprofit organization that is 100% supported through the generosity of those who share our vision for ubiquitous, open Internet security. If you’d like to support our work, please consider <a href="https://www.abetterinternet.org/getinvolved/">getting involved</a>, <a href="https://www.abetterinternet.org/donate/">donating</a>, or encouraging your company to <a href="https://www.abetterinternet.org/sponsor/">become a sponsor</a>.</p>]]></description>
        <guid isPermaLink="true">https://www.abetterinternet.org/post/introducing-prio-services/</guid>
      </item><item>
        <title>Memory Safe ‘curl’ for a More Secure Internet</title>
        <link>https://www.abetterinternet.org/post/memory-safe-curl/</link>
        <pubDate>Fri, 09 Oct 2020 00:00:00 +0000</pubDate>
        <description><![CDATA[<p>Memory safety vulnerabilities represent one of the biggest threats to Internet security. As such, we at ISRG are interested in finding ways to make the most heavily relied-upon software on the Internet memory safe. Today we’re excited to announce that we’re working with <a href="https://daniel.haxx.se/">Daniel Stenberg</a>, author of the ubiquitous <a href="https://curl.haxx.se/">curl</a> software, and <a href="https://www.wolfssl.com/">WolfSSL</a>, to make critical parts of the curl codebase memory safe.</p>
<p>ISRG is funding Daniel to work on adding support for <a href="https://hyper.rs/">Hyper</a> as an HTTP back-end for curl. Hyper is a fast and safe HTTP implementation written in Rust.</p>
<p>At the same time, ISRG engineers will add support for <a href="https://github.com/ctz/rustls">Rustls</a> as a TLS back-end for curl. Rustls is a safe implementation of TLS, including certificate verification and the network protocol, written in Rust. It has been <a href="https://github.com/ctz/rustls/blob/main/audit/TLS-01-report.pdf">audited</a> and we suggest reading the conclusions on page 11 of the report if you want to get even more excited about Rustls.</p>
<p>At first the memory-safe HTTP and TLS backends will be opt-in. We will work with Daniel and various partners to make sure they are extensively tested, and if all goes well the plan is for the memory safe back-ends to become the default. By making the most frequently used networking code in curl memory safe by default we’ll better protect the billions of people who rely on systems using curl.</p>
<p>Users who need to continue using the unsafe C back-ends for whatever reason will be able to continue doing so by building curl with the C back-ends enabled.</p>
<p>We’d like to thank Daniel for his willingness to be a leader on this issue. It’s not easy to make such significant changes to how wildly successful software is built, but we’ve come up with a great plan and together we’re going to make one of the most critical pieces of networking software in the world significantly more secure. We think this project can serve as a template for how we might secure more critical software, and we’re excited to learn along the way.</p>
<p>We’d also like to thank everyone involved in creating Hyper, Rustls, and the libraries they depend on. In particular we’d like to thank Sean McArthur for his work on <a href="https://hyper.rs/">Hyper</a>, Joseph Birr-Pixton for his work on <a href="https://github.com/ctz/rustls">Rustls</a>, and Brian Smith for his work on <a href="https://github.com/briansmith/ring">Ring</a> (which Rustls uses).</p>
<p>The mission of Internet Security Research Group (ISRG) is to reduce financial, technological, and educational barriers to secure communication over the Internet. ISRG is a California public benefit corporation, recognized by the IRS as a tax-exempt organization under Section 501(c)(3). Our work is funded, in part, by individuals from more than 55 countries around the world. To donate, visit <a href="https://letsencrypt.org/donate">https://letsencrypt.org/donate</a></p>]]></description>
        <guid isPermaLink="true">https://www.abetterinternet.org/post/memory-safe-curl/</guid>
      </item><item>
        <title>Welcoming Vicky Chin to the ISRG Board of Directors</title>
        <link>https://www.abetterinternet.org/post/welcoming-vicky-chin/</link>
        <pubDate>Mon, 08 Jun 2020 00:00:00 +0000</pubDate>
        <description><![CDATA[
<div class="card border-0 pic-quote-right">
    <img alt="Vicky Chin" class="rounded z-depth-3 img-fluid" src="/images/vicky-chin.jpg">
    <div class="pt-4">
        <blockquote class="blockquote">
            <span class="quote"></span>
            <div class="quote-text">
                <p class="font-italic lh-170">Paramount to ensuring the Internet continues to be the most fundamental tool to connect, learn, and express, is the notion that the Web be free and open, safe and privacy-respecting.</p>
                <footer class="blockquote-footer">Director of Desktop Product Development at Mozilla <cite title="Source Title">Vicky Chin</cite></footer>
            </div>
        </blockquote>
    </div>
</div>

<p>We are pleased to welcome Vicky Chin, Director of Desktop Product Development at Mozilla, to the ISRG Board of Directors!</p>

<p>Mozilla is an important part of the history of ISRG and has had a consistent role on the Board since its founding. Vicky steps into this role taking the place of longtime board member Laura Thomson. We are grateful for Laura’s leadership and cheer her on in her new role as VP of Engineering at Fastly.</p>

<p>Vicky is an ardent advocate of nonprofit tech as a hub for innovation for the public benefit. “Let’s Encrypt works so well because ISRG took a complex problem and figured out a way to solve it on a global scale,” she said.</p>

<p>Global impact has been a part of Vicky’s career since her time at IBM. She served in Nigeria’s Cross River State providing pro-bono work via IBM’s Corporate Service Corps. “I was pleased to apply my professional skills to a greater cause.”</p>

<p>Seeking that greater good led Vicky to her current role at Mozilla.  A fellow nonprofit whose values align closely with ISRG, Mozilla is central to the work of ensuring a free and open Web. “Paramount to ensuring the Internet continues to be the most fundamental tool to connect, learn, and express, is the notion that the Web be free and open, safe and privacy-respecting. Let’s Encrypt is a critical component of the free and open Web,” she shared.</p>

<p>With her enthusiasm on the importance of the nonprofit sector, Vicky will bring tremendous perspective on championing ISRG’s value and impact to people around the world. She added, “I’m excited to join the Board as an advocate to bring more exposure to ISRG’s work.”</p>

<p>Please join me in welcoming Vicky to the ISRG Board of Directors!</p>]]></description>
        <guid isPermaLink="true">https://www.abetterinternet.org/post/welcoming-vicky-chin/</guid>
      </item><item>
        <title>Meet Radiant Award Recipient Claudio Jeker</title>
        <link>https://www.abetterinternet.org/post/radiant-award-claudio-jeker/</link>
        <pubDate>Wed, 11 Dec 2019 00:00:00 +0000</pubDate>
        <description><![CDATA[
<div class="card border-0 pic-quote-right">
    <img alt="Claudio Jeker" class="rounded z-depth-3 img-fluid" src="/images/radiantaward/claudio-jeker.jpg">
    <div class="pt-4">
        <blockquote class="blockquote">
            <span class="quote"></span>
            <div class="quote-text">
                <p class="font-italic lh-170">OpenBGPD is a key software component used by many Internet Exchange Points to help redistribute Internet routing information. Any security improvements at this level of the core infrastructure positively impact the Internet experience for everyone!</p>
                <footer class="blockquote-footer"><cite title="Source Title">Claudio Jeker</cite></footer>
            </div>
        </blockquote>
    </div>
</div>

<p>We’re excited to announce the third <a href="/radiantaward/">Radiant Award</a> recipient, Claudio Jeker.</p>

<p>When we at ISRG think about the greatest threats to Web security today, the <a href="https://www.internetsociety.org/deploy360/securing-bgp/">lack of Border Gateway Protocol (BGP) security</a> might top our list. Claudio's passion for networking, his focus on security, and his talent as a software developer are enabling him to make great contributions to fixing this and other Web security problems. In particular, he is making great contributions to <a href="https://www.openbsd.org/">OpenBSD</a> and <a href="http://www.openbgpd.org/">OpenBGPD</a>.</p>

<p>Our partner in making today’s award possible is <a href="https://www.internetsociety.org/blog/2019/12/claudio-jeker-honored-by-internet-security-research-group-with-radiant-award/">Internet Society</a>. We’d like to thank them for their generous support of this award and its recipient.</p>

<p>Claudio has taken the time to write some thoughts about his work. We're happy to share them below. Please enjoy.</p>

<hr>

<p>When I learned I was the recipient of a Radiant Award, I was very surprised and excited! My work as OpenBSD contributor and lead developer of OpenBGPD sometimes feels visible to only a small group of people. But regardless of visibility, I believe it is pertinent and has helped improve Internet security in many ways.</p>

<p>OpenBSD is well known for its security practices and principles. The security angle was a goal from the start of the OpenBSD project, and even though focus areas changed over time, this north star remains. This dream was not only about fixing security holes, but also learning from them and applying those lessons across the board. One of the key tricks is restricting privileges to the minimal required. One way this can be done is using privilege separation. Many daemons in OpenBSD are privilege separated. The basic idea is to split a process into multiple processes, each running with minimum privileges.</p>

<p>In the last two years I focused primarily on OpenBGPD, an open source implementation of the Border Gateway Protocol version 4 ("BGP-4"). Through BGP-4, service providers distribute the network routing information that makes the Internet...the Internet. Unfortunately BGP-4 has a big flaw: it was designed assuming a fair degree of trust and gracious cooperation.</p>

<p>An all too common assumption is that all your adjacent BGP-4 speaking networks will only announce correct information to you. However, the BGP-4 protocol itself doesn't do much to guard against misconfiguration or adversarial operations on the other side. On a very frequent interval, Routing Table leaks spread through BGP-4 (either by accident or for malicious reasons), causing large outages. It is only possible to mitigate these effects by rigorously filtering every BGP-4 route announcement. These filters are most effective when applied at important inter-connection points such as the administrative boundary between organisations connected to the Internet.</p>

<p>OpenBSD's BGP implementation was built with privilege separation ("privsep") in mind. Because of 'privsep', the exploit risk surface is reduced, but also the system has the opportunity to become more scalable. Before I started my work, the filtering capabilities were limited. Processing updates with large rulesets took too long. It is not ideal when network updates are delayed. Using fast lookup tables and a ruleset optimiser made a huge difference and now OpenBGPD scales nicely to hundreds of sessions. As a side effect of the privsep design, even peak workloads won't cause service interruptions, since the load is distributed across multiple processes.</p>

<p>And this is where my work has impact on everyone's daily lives. OpenBGPD is a key software component used by many Internet Exchange Points to help redistribute Internet routing information. Any security improvements at this level of the core infrastructure positively impact the Internet experience for everyone!</p>

<p>- Claudio Jeker, December 2019</p>]]></description>
        <guid isPermaLink="true">https://www.abetterinternet.org/post/radiant-award-claudio-jeker/</guid>
      </item><item>
        <title>Meet Radiant Award Recipient Rachel Player</title>
        <link>https://www.abetterinternet.org/post/radiant-award-rachel-player/</link>
        <pubDate>Thu, 21 Nov 2019 00:00:00 +0000</pubDate>
        <description><![CDATA[
<div class="card border-0 pic-quote-right">
    <img alt="Rachel Player" class="rounded z-depth-3 img-fluid" src="/images/radiantaward/rachel-player.jpg">
    <div class="pt-4">
        <blockquote class="blockquote">
            <span class="quote"></span>
            <div class="quote-text">
                <p class="font-italic lh-170">I find lattice-based cryptography interesting because of the advanced applications it enables. In some cases, we don’t know how to otherwise build these applications using cryptography based on different hard problems.</p>
                <footer class="blockquote-footer"><cite title="Source Title">Rachel Player (Photo by Catherine Oughtibridge)</cite></footer>
            </div>
        </blockquote>
    </div>
</div>

<p>We’re excited to announce the second <a href="/radiantaward/">Radiant Award</a> recipient, Rachel Player. We selected Rachel because of her work on post-quantum cryptography and homomorphic encryption. Both of these areas of cryptography show promise for playing a role in a more secure and privacy-respecting Web in the future.</p>

<p>Two of the concepts that ring through Rachel’s work are the ability to apply research to real-world solutions and bringing more diversity to the field of cryptographic research. We are happy to share this thinking with you below, please enjoy.</p>

<p>Our partner in making today’s award possible is <a href="https://www.internetsociety.org/">Internet Society</a>. We’d like to thank them for their generous support of this award and its recipient.</p>

<hr>

<p>For me, some of the most interesting research problems stem from the idea of applicability.
In fact, this is how I got into cryptography: I was interested in applying the number theory and algebra I had enjoyed studying as an undergraduate. I specialise in lattice-based cryptography, which describes cryptographic schemes whose security is based on lattice problems, as opposed to (for example) factoring or discrete logarithms. I find lattice-based cryptography interesting because of the advanced applications it enables. In some cases, we don’t know how to otherwise build these applications using cryptography based on different hard problems.</p>

<p>For example, recently I have focused a lot on homomorphic encryption, one popular application of lattice-based cryptography. This is a technology that enables computation on encrypted data, without having access to the secret key, or otherwise learning the underlying data. This could be applied to gain useful insights from medical, genomics or finance data, where the need for data privacy has so far prevented such applications. The last few years have been a particularly interesting time to work in homomorphic encryption as we see the transition from proof-of-concept implementations towards commercial viability.</p>

<p>As well as applicability, another recurring theme for me is accessibility. When using developing technologies like homomorphic encryption, we need to take care to balance considerations of performance, correctness, and security, all three of which are active research areas. When tackling these questions, I have always tried to keep the user in mind. Because the range of applications is so wide, there are many potential users who may not be experts in cryptography. Therefore, there is a pressing need to create tools in order to make this technology accessible. In an ideal world, an optimal choice of parameters would be generated without the user ever realising the years of research work that have gone on behind the scenes!</p>

<p>I would also like to make the process of becoming a cryptographic researcher itself more accessible. In high school, I loved mathematics and problem solving, but actively decided not to study A Level computing, which I felt was not for “people like me”. (UK students aged 16-18 typically study for 3 or 4 Advanced Level qualifications, known as A levels; these are the final qualifications obtained on leaving high school). It was many years before I realised that studying computer science could enable me to contribute to the technologies of the future and was in fact aligned with my interests! I was lucky to come from a supportive family with parents who had been to university, so the path to becoming an academic was not too alien. Not all of my peers at the time were so fortunate, so when the opportunity came up to talk at my high school about a career in research, I didn’t hesitate.</p>

<p>I wrote more about my experience in high school on the <a href="https://wisdom.rhul.ac.uk/2016/09/08/a-level-computing-not-for-people-like-me/">WISDOM blog</a>. The WISDOM group at Royal Holloway, University of London, aims to raise the profile of women working in mathematics and information security, and to increase diversity in these fields. Being part of supportive networks such as WISDOM has been essential to my career success so far, and I would encourage everyone to get involved!</p>

<p>- Rachel Player, November 2019</p>

<p>
Website: <a href="https://rachelplayer.github.io">https://rachelplayer.github.io</a><br>
Twitter: <a href="https://twitter.com/yayworthy">@yayworthy</a>
</p>]]></description>
        <guid isPermaLink="true">https://www.abetterinternet.org/post/radiant-award-rachel-player/</guid>
      </item><item>
        <title>Max Hunter Joins ISRG Board of Directors</title>
        <link>https://www.abetterinternet.org/post/max-hunter-joins-isrg-board/</link>
        <pubDate>Thu, 25 Jul 2019 00:00:00 +0000</pubDate>
        <description><![CDATA[
<div class="card border-0 pic-quote-right">
    <img alt="Max Hunter" class="rounded z-depth-3 img-fluid" src="/images/max-hunter.jpg">
    <div class="pt-4">
        <blockquote class="blockquote">
            <span class="quote"></span>
            <div class="quote-text">
                <p class="font-italic lh-170">Let’s Encrypt has become such a core pillar of the Internet. I look forward to translating its mission for funders who share ISRG’s values.</p>
                <footer class="blockquote-footer">Engineering Director at EFF <cite title="Source Title">Max Hunter</cite></footer>
            </div>
        </blockquote>
    </div>
</div>

<p>Max Hunter, of Electronic Frontier Foundation (EFF), brings a wealth of technology and privacy experience as the newest member of the ISRG Board of Directors. “Three years ago only 40% of page loads were encrypted. There’s been a fundamental shift for the Internet as a whole and I’m tremendously excited to be part of a project that is so successful,” he said.</p>

<p>EFF has long had representation on our board and Max will continue that as current EFF member, Peter Eckersley, departs. We’d like to thank Peter for his contributions to ISRG and look forward to a future of friendship.</p>

<p>Max offers valuable perspective on our recommended ACME client software, <a href="https://certbot.eff.org/">Certbot</a>, which is run and maintained by his team at EFF. Certbot is an important part of the ACME ecosystem as one of the most popular clients for requesting a Let’s Encrypt certificate. It was also one of the first clients able to manage provisioned certificates and automatically request and install renewals. Max leads work on distribution-agnostic packaging for Certbot, building the documentation site, and making user testing-driven improvements for the software.</p>

<p>In his work at EFF, which is a non-profit like ISRG, Max focuses on helping populations of people who otherwise might not be able to advocate for themselves. We look forward to Max’s contributions in helping ISRG and Let’s Encrypt to continue to serve site visitors around the world to have a more privacy-respecting experience, regardless of their knowledge of encryption.</p>

<p>Fundraising is an essential part of ensuring the stability of ISRG and Let’s Encrypt. Every day, we issue more than one million certificates and there are costs associated with that service. Max has over a decade of experience in helping tech, arts, and mobility nonprofits with raising the funds they need to achieve their impact. He added, “Let’s Encrypt has become such a core pillar of the Internet. I look forward to translating its mission for funders who share ISRG’s values.”</p>]]></description>
        <guid isPermaLink="true">https://www.abetterinternet.org/post/max-hunter-joins-isrg-board/</guid>
      </item><item>
        <title>Welcoming Christine Runnegar to the ISRG Board of Directors</title>
        <link>https://www.abetterinternet.org/post/welcoming-christine-runnegar/</link>
        <pubDate>Wed, 16 Jan 2019 00:00:00 +0000</pubDate>
        <description><![CDATA[
<div class="card border-0 pic-quote-right">
    <img alt="Christine Runnegar" class="rounded z-depth-3 img-fluid" src="/images/christine-runnegar.jpg">
    <div class="pt-4">
        <blockquote class="blockquote">
            <span class="quote"></span>
            <div class="quote-text">
                <p class="font-italic lh-170">It’s my personal and professional mission to increase online privacy and security for Internet users all over the world.</p>
                <footer class="blockquote-footer">Senior Director of Internet Trust at Internet Society <cite title="Source Title">Christine Runnegar</cite></footer>
            </div>
        </blockquote>
    </div>
</div>

<p>We are happy to announce that Christine Runnegar, Senior Director of Internet Trust at Internet Society, joined the ISRG Board of Directors in late 2018.</p>

<p>Let’s Encrypt operates under a complex policy and legal framework and Christine brings great knowledge to help expand our perspective. As she stated, “Throughout my career, I’ve advocated for policies that support an open, globally-connected, secure, and trustworthy Internet for everybody.” Good policy frameworks are essential to providing our service; without them, it is hard for us to build the tech and create the services that will achieve our mission of creating a 100% encrypted Web for everyone.</p>

<p>Working with industry groups and policy bodies is an important part of what we do at ISRG and we welcome Christine’s contribution here as well.</p>

<p>Christine expands our board’s global perspective with her career experience. She worked for many years in the Australian government, and now occupies an internationally-focused role at Internet Society. “It’s my personal and professional mission to increase online privacy and security for Internet users all over the world,” she said. “During the course of my career, I have learned that not everyone has the same access or ability to take advantage of the privacy and security tools that are available. That is why I am very excited to be joining ISRG to help create a more secure and privacy-respecting Internet for everyone.”</p>

<p>Please join me in giving Christine a warm welcome!</p>]]></description>
        <guid isPermaLink="true">https://www.abetterinternet.org/post/welcoming-christine-runnegar/</guid>
      </item><item>
        <title>Meet Radiant Award Recipient Jason Donenfeld</title>
        <link>https://www.abetterinternet.org/post/radiant-award-jason-donenfeld/</link>
        <pubDate>Tue, 04 Dec 2018 00:00:00 +0000</pubDate>
        <description><![CDATA[
<div class="card border-0 pic-quote-right">
    <img alt="Jason Donenfeld" class="rounded z-depth-3 img-fluid" src="/images/radiantaward/jason-donenfeld.jpg">
    <div class="pt-4">
        <blockquote class="blockquote">
            <span class="quote"></span>
            <div class="quote-text">
                <p class="font-italic lh-170">Nonetheless there is some advantage in treating code with a similar artistic perfectionism, not because there is value in pretending that coding is some profound activity, but because by viewing code from an aesthetic point of view, one is unable to avoid obsessing over every detail.</p>
                <footer class="blockquote-footer"><cite title="Source Title">Jason Donenfeld</cite></footer>
            </div>
        </blockquote>
    </div>
</div>

<p>We’re excited to announce the first <a href="/radiantaward/">Radiant Award</a> recipient, Jason Donenfeld. We selected Jason because his work embodies two principles of security thinking that we admire: simplicity and auditability. We could see these principles shining through in his work, most notably in the great technology <a href="https://www.wireguard.com/">WireGuard</a>. When we asked him to share his thinking on developing secure technologies, we were given insight into the care and consideration that leads to the manifestation of these principles in Jason’s work. We are pleased to share this thinking with you below, please enjoy.</p>

<p>Our partner in making today’s award possible is <a href="https://www.internetsociety.org/">Internet Society</a>. We’d like to thank them for their generous support of this award and its recipient.</p>

<hr>

<p>The Internet Security Research Group has asked me to share a few amorphous thoughts on making computery things, as part of my acceptance of the Radiant Award.</p>

<p>1. Programmers love to program. For this reason, codebases seldom remain small and manageable, but rather, they grow so long as there is enthusiasm. The enthusiastic programmer supposes that each new feature can either be implemented by abstracting parts of the existing code base, or simply by bolting onto it unseemly hacks. This enthusiasm is propelled by cheerful users, who clamor for features, integrations, special-casing for particular use cases, convenience, or trends. There is nothing particularly wrong with that, and many facets of life have a similar structure: companies grow in relation to their customers, cities blossom in relation to societal trends, and even an individual’s own set of knowledge and interest expand organically throughout life. But not all things have this structure. Writing or artwork, for example, is often created with the intention of finishing and perfecting it, with the result of the labor simultaneously a statement of an idea as well as the artifact representing it.</p>

<p>But while the artistic artifact often strives to be universal, a piece of code is inherently contingent on its technological particulars, serving a particular utility. Nonetheless there is some advantage in treating code with a similar artistic perfectionism, not because there is value in pretending that coding is some profound activity, but because by viewing code from an aesthetic point of view, one is unable to avoid obsessing over every detail. Any potential addition to the codebase as a whole confers a particular anxiety, as each addition threatens to disturb the aesthetic harmony. In considering features and additions to a particular codebase, it is possible to apply this principle to the whole of the system in which that codebase will live, to ask what is the ideal harmonization of all constituent parts. It therefore becomes the job of the programmer to balance the aesthetic motivation, on one hand, with the utilitarian and technologically contingent nature of the activity, on the other. The result of walking this careful balance is usually code that is simpler and more enjoyable to read, and sometimes that translates to being a more secure codebase too.</p>

<p>2. The “hacker mindset” is extraordinarily stimulating, as far as computer activities go. It frequently involves pulling back the fabric of expectations, to reveal what actually lingers beneath a given system. It involves looking in neglected corners and searching for the machine-inside-the-machine. The mindset pairs knowledge of obscurities with a sort of upside-down creativity. Generally security researchers find themselves breaking things all the time, which for the most part involves exciting puzzles and a seemingly never ending supply of novel tricks. But at the end of the day, the majority of systems one breaks are rather ugly, and if breaking ugly things is the only outlet for such a fascinating way of thinking, that’s rather disappointing. In 2013, Travis Goodspeed inspired me to consider an alternative approach, with his <a href="http://travisgoodspeed.blogspot.com/2013/07/hillbilly-tracking-of-low-earth-orbit.html">Southern Appalachian Space Agency (SASA)</a>, in which he reverse engineered an old gyro-stabilized navy dish for geostationary satellites to become a land-based moving satellite tracker. Rather than the usual destructive approach, SASA is almost entirely creative, yet still draws on a lot of the same constrained-environment trickery beloved by hackers. The SASA example has been an instructive anchoring point for determining to which kinds of projects I devote my time.</p>

<p>- Jason Donenfeld, December 2018</p>

<p>
Internet: <a href="https://www.zx2c4.com">www.zx2c4.com</a> and <a href="https://www.wireguard.com">www.wireguard.com</a><br>
Twitter: <a href="https://twitter.com/edgesecurity">@EdgeSecurity</a> and <a href="https://twitter.com/zx2c4">@zx2c4</a><br>
Email: <a href="mailto:Jason@zx2c4.com">Jason@zx2c4.com</a>
</p>]]></description>
        <guid isPermaLink="true">https://www.abetterinternet.org/post/radiant-award-jason-donenfeld/</guid>
      </item><item>
        <title>Welcoming Aanchal Gupta to the ISRG Board of Directors</title>
        <link>https://www.abetterinternet.org/post/welcoming-aanchal-gupta/</link>
        <pubDate>Mon, 19 Nov 2018 00:00:00 +0000</pubDate>
        <description><![CDATA[
<div class="card border-0 pic-quote-right">
    <img alt="Aanchal Gupta" class="rounded z-depth-3 img-fluid" src="/images/aanchal-gupta.jpg">
    <div class="pt-4">
        <blockquote class="blockquote">
            <span class="quote"></span>
            <div class="quote-text">
                <p class="font-italic lh-170">I have learned many lessons about how to operate and deliver secure services at scale, and look forward to sharing best practices around what works and what doesn't.</p>
                <footer class="blockquote-footer">Director of Security at Facebook <cite title="Source Title">Aanchal Gupta</cite></footer>
            </div>
        </blockquote>
    </div>
</div>

<p>We are delighted to announce our newest board member: Aanchal Gupta, Director of Security at Facebook.</p>

<p>Aanchal brings a depth of experience in leading security and privacy initiatives, including previous work at Microsoft and Yahoo. Throughout her career, Aanchal’s work has focused on how encryption can benefit people using the internet. As she described it, “The internet is part of the very fabric of who we are. If we can make it safer for everyone - that’s our family, our friends, and our kids, we will build stronger and safer communities.”</p>

<p>This end-user mindset is incredibly important to us at ISRG and drives many choices we make. Secure digital infrastructure can only happen with the cooperation of many large organizations, but our end goal is a more secure and privacy-respecting Web for the average person.</p>

<p>Aanchal also carries the perspective of someone who builds for scale. In her time at Facebook, she worked on securing the services used by billions of users. “I have learned many lessons about how to operate and deliver secure services at scale, and look forward to sharing best practices around what works and what doesn't,” she said.</p>

<p>Scalability is one of ISRG’s foremost concerns in our focus on supporting critical digital infrastructure. Let’s Encrypt was designed from the start to be able to scale to serve a large portion of the Web. When we assess the feasibility of future projects, we think about how they can do the most good for the most people. We appreciate that Aanchal will bring experience with scale to the conversation.</p>

<p>Lastly, Aanchal’s deep commitment to diversity will help us ensure the future of the Web is built for the diverse composition of people who rely on it. Internally, she has built diverse teams, and she has represented the importance - and presence - of diverse people at last year’s OurSA conference.</p>

<p>We look forward to working with Aanchal for years to come.</p>]]></description>
        <guid isPermaLink="true">https://www.abetterinternet.org/post/welcoming-aanchal-gupta/</guid>
      </item><item>
        <title>ISRG: A Home for Public Benefit Digital Infrastructure</title>
        <link>https://www.abetterinternet.org/post/isrg-public-benefit-infra/</link>
        <pubDate>Sat, 22 Sep 2018 00:00:00 +0000</pubDate>
        <description><![CDATA[<p>Welcome to the new website for Internet Security Research Group (ISRG).</p>
<p>ISRG was created in 2013 to build and improve digital infrastructure for a more secure and privacy-respecting world. Our first project, <a href="https://letsencrypt.org/">Let’s Encrypt</a>, is a free, automated, and open Certificate Authority that catalyzed widespread HTTPS adoption across the Web. Today, Let’s Encrypt secures more than 125 million websites.</p>
<p>While most of what ISRG does these days relates to Let’s Encrypt, we believe there will be other instances in which public benefit digital infrastructure can help to build, or improve access to, a better Internet. As such, there may be other ISRG initiatives in the future. We want ISRG to have its own home on the Web where we can communicate more broadly about security and privacy-related issues and projects.</p>
<p>ISRG is a 501(c)(3) that is fully supported through the generosity of those who share our vision for ubiquitous, open Internet security. If you’d like to support our work, please consider <a href="/getinvolved/">getting involved</a>, <a href="/donate/">donating</a>, or encouraging your company to <a href="/sponsor/">become a sponsor</a>.</p>]]></description>
        <guid isPermaLink="true">https://www.abetterinternet.org/post/isrg-public-benefit-infra/</guid>
      </item>
  </channel>
</rss>
