Why Let’s Encrypt Is A Step In The Right Direction Of CyberSecurity

A response to John Hurst’s opinion article claiming LE is a Bad Idea.

A couple of days ago, I read John’s article explaining why, in his opinion, Let’s Encrypt is a bad idea.

The fundamental reason why John’s argument doesn’t stand

John links a real concern in the world of cybersecurity to a disastrous event that he claims Let’s Encrypt is more prone to. Basically, according to John, a hacker could potentially gain access to the private keys of Let’s Encrypt and then fake every website’s certificate.

  1. LE certificates are valid for 90 days. Way lower than any paid certificate.

Let’s Encrypt is Awesome

I own a few personal websites. None of them hold sensitive information. They are my blogs. All are secured with Let’s Encrypt. Before LE, I couldn’t get ranked on Google because I didn’t have a certificate and SSL communication.

So what is the takeaway?

John’s article tries to raise awareness of the fire-and-forget policy by blaming Let’s Encrypt for being an easy and free solution that allows software developers to automate certificates and forget about them, claiming that if LE’s private key were to be compromised, a lot of sites would be threatened. In reality, if any certificate authority were compromised, it would be disastrous, not just LE.

Written by

Engineer, Dragon lover, and Blogger. He/Him. @theorencohen on Social Media. Visit my home: https://thegeekwriter.com
