I'm suuuper excited for this to launch! However, it's worrisome that the ACME protocol (what Let's Encrypt uses) still has a ton of bugs open[1] and they are still changing the protocol often. Just search for "TODO" on the spec markdown[2].<p>I want this project to proceed, but they should really focus on getting a much more mature and stable spec before launch. This isn't WebRTC, where you can just continuously tack on additional stuff or change the API constantly. It's TLS certs. The certs issued using this API end up telling people it's safe to input their passwords or credit card numbers.<p>I really hope the ACME spec gets stable before the launch in July.<p>[1]: <a href="https://github.com/letsencrypt/acme-spec/issues" rel="nofollow">https://github.com/letsencrypt/acme-spec/issues</a><p>[2]: <a href="https://github.com/letsencrypt/acme-spec/blob/master/draft-barnes-acme.md" rel="nofollow">https://github.com/letsencrypt/acme-spec/blob/master/draft-b...</a>
I gather they're not launching with ECDSA certificates (and obviously not with EdDSA or whatever comes out of CFRG, because that's still being discussed by the IETF/IRTF), but they're going to add it later. Any idea when?<p>What's the hold up; HSMs that'll do secp256r1?<p>Because of the huge performance improvement ECDSA brings over RSA, I know I'm not going to be deploying Let's Encrypt certs until I can get ECDSA ones (as well as RSA ones, presumably).
I am really excited about this whole initiative. Mostly because encryption should really be standard at this point if not for the hurdles one has to face in deploying it.<p>What type of help is the Let's Encrypt team still needing?
Very glad to hear there is a launch schedule, have been curious about how this project has been progressing. It's a fantastic initiative and I almost can't wait until September 14.
Very nice initiative.<p>But for me the biggest problem with adoption of SSL is still that every domain name needs its unique IPv4 address, and all problems that come with that, not registering or paying for the SSL certificate.<p>At work, I usually use virtual hosting for about 100 domains on one IP address. I don't see us buying an IPv4 address per domain and adding them to my NIC configuration one by one. Once we can safely ignore IPv4 and use IPv6 only it will probably become easier and cheaper.