[Cialug] Now 1 day: Re: 87 days to go. Cert recommendations?

[Nicolai]

On Wed, Jul 15, 2015 at 01:01:00PM -0500, Matthew Nuzum wrote:
> That is epic. I don't just mean the cost, but the whole idea of making this
> drop-dead easy (assuming you can get around on the command line) is way
> over due. The free cost is nice too.

Let's Encrypt might be the biggest thing in TLS since Netscape
introduced SSL back in the 90s.  I think the free cost, essentially
unlimited number of certs allowed, and easy accessibility will in
combination result in a dramatic jump in TLS usage.

It'll also pressure other CAs to lower prices and/or improve services,
such as (down the road) creating a rush to be the first to offer
Ed25519-based certs.  I would pay money for that over free RSA
or ECDSA.

Maybe TLS will become so ubiquitous that self-signed certs for
SMTP will go away, replaced with CA-signed ones, to the point that
self-signed (for mail) triggers warnings by default, with paranoid
setups rejecting it all together.

StartSSL (a great service, I use it) offers free certs, but you only
get one, and there are availablity issues.  By solving price, quantity,
and availability, Let's Encrypt will be the story of the year.

I definitely plan to use it.

Nicolai