The idea that you can put sensitive data into a system and be able to get an accurate summary of that data without people having access to the specifics is very useful.
Richard Barnes has been a Director on ISRG's board since 2017 and has been involved with our work for much longer. In fact, Richard wrote the original version of the boulder codebase that runs Let's Encrypt. Josh Aas and Eric Rescorla, two of the the founders of Let's Encrypt, approached him at an IETF meeting to discuss how to develop the Certificate Authority (CA) codebase. They'd all heard good things about Go, a relatively new language, so Richard did some tutorials and wrote the first version of boulder on the long flight home from the IETF meeting. A few lines of that original code are still in production today!
Richard also played an important role in driving the standardization process for the Automated Certificate Management Environment (ACME) protocol that underpins our certificate issuance. "I saw the opportunity for this to be a standard that could be useful across the ecosystem. We wanted Let's Encrypt to be a beacon for operational best practices for all of the Web PKI," said Richard. He helped the ACME protocol to become an IETF RFC, ensuring a process of open discussion and collaboration. Since the standardization process, ACME has been adopted by several CAs in addition to Let's Encrypt.
Today, ISRG is going through a process that is quite similar to standardizing ACME with the development of Divvi Up, a new service that enables privacy-respecting metrics collection. Divvi Up uses the Privacy Preserving Metrics (PPM) protocol, which is being standardized in the IETF currently. "This is a process that involves rough consensus and running code. What gave ACME a lot of power was that it was running in Let's Encrypt infrastructure while we were working on it in the IETF. When people said things couldn't be done we had working proof that it could," Richard noted. ISRG began operating the predecessor to PPM in late 2020 for Covid-19 exposure notification apps, and is now building the Divvi Up service to mirror the IETF specification.
Richard observed that the impact of Divvi Up on Internet security and privacy could be quite large. "The idea that you can put sensitive data into a system and be able to get an accurate summary of that data without people having access to the specifics is very useful," he said, "For example, if independent review boards get wind of this, it could revolutionize science. Scientists could get exact summaries of the information without people having to give up their exact data."
In the four years that Richard has been a member of ISRG's Board, our organization and impact have both grown. "I am proud that we have built and maintained a piece of critical infrastructure in Let's Encrypt and extended that success to other domains with Divvi Up and Prossimo. We have proven that a small, focused organization can have an impact on the internet. You can do a lot with not a lot if you are really focused about it," he concluded. We're grateful to Richard for his continued role in helping us achieve our mission.
ISRG is a 501©(3) nonprofit organization that is 100% supported through the generosity of those who share our vision for ubiquitous, open Internet security. If you'd like to support our work, please consider getting involved, donating, or encouraging your company to become a sponsor.