Diffstat (limited to 'notes/the-us-lock-of-the-web.md')
| -rw-r--r-- | notes/the-us-lock-of-the-web.md | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/notes/the-us-lock-of-the-web.md b/notes/the-us-lock-of-the-web.md index e6298e2..255ca04 100644 --- a/notes/the-us-lock-of-the-web.md +++ b/notes/the-us-lock-of-the-web.md @@ -13,7 +13,7 @@ lang = "fr" url = "/notes/verrou-états-unien-du-web" --- -# The us lock of the Web +# The US lock of the Web  Let's talk about **Let's Encrypt**. 
@@ -35,14 +35,18 @@ If you don't know what Let's Encrypt or a certificate authority is, then this bl In order to democratize the use of HTTPS, Let's Encrypt revolutionized certification in two points: -- _Free Of Charge._ Certification by Let's Encrypt is free, period. For competitors in 2014, a certificate cost VERY expensive. Even today, it is the factor that most actors choose **Let's Encrypt**. For information, a certificate costs €188/year at [GlobalSign]... for [a generic certificate] at sectigo. +- _Free Of Charge._ Certification by Let's Encrypt is free, period. For competitors in 2014, a certificate cost VERY expensive. Even today, it is the factor that most actors choose **Let's Encrypt**. For information, a certificate costs €188/year at [GlobalSign](https://shop.globalsign.com/fr/ssl)... $800 for [a wildcard certificate](https://www.sectigo.com/fr/blog/cout-certificat-ssl-guide-achat) at sectigo. - _Automation._ While retrieving a certificate in 2014 required a long verification process, payment, and then manual renewal, Let's Encrypt automates everything. This facilitates everyone's work and contributes to a safer web. :::: -## Dependence on Let's Encrypt +In concrete terms, this means that Let's Encrypt will refuse to issue a certificate to any entity—be it a company, organization, or individual—that has been sanctioned. +For instance, no website operating in Russia or Iran can obtain these certificates. +To be more specific, [Nicolas GUILLOU](https://sanctionssearch.ofac.treas.gov/Details.aspx?id=54211), one of the International Criminal Court judges who issued the international arrest warrant against Netanyahu, cannot get certified by Let's Encrypt, even if he uses a subcontractor. -A year ago, [Stéphane Bortzmeyer] posted on Mastodon that 80% of certificates on the web came from **Let's Encrypt**. 
+## Dependence on Let's Encrypt + +A year ago, [Stéphane Bortzmeyer](https://en.wikipedia.org/wiki/St%C3%A9phane_Bortzmeyer) posted on Mastodon that 80% of certificates on the web came from **Let's Encrypt**. Naturally, I wanted to verify this. In particular, I wanted to check to what extent _I was, myself_, an average European, dependent on _Let's Encrypt_.[^ca_ache.one] @@ -76,7 +80,7 @@ Then **Let's Encrypt** is slightly more productive proportionally, but this does To analyze my personal reliance on Let's Encrypt, I rather opted for a web plugin to install in Firefox. This analyzes all the sites that I visit and records the associated certificate authority upon the website’s first visit (within the current month). -I present [Cert Check] (https://addons.mozilla.org/fr/firefox/addon/cert-check/). +I present [Cert Check](https://addons.mozilla.org/fr/firefox/addon/cert-check/). I installed this extension last year on all my devices. I can therefore be very precise regarding my concrete dependence on each certificate authority |
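Review bot: in the first hunk (@@ -13,7 +13,7 @@), the front matter context still reads lang = "fr" and url = "/notes/verrou-états-unien-du-web" directly above the English heading this change corrects. If this file is the English version of the note, set lang and the slug to match in the same commit. If the French values are deliberate, a short comment in the front matter would save the next reader the question.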
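Review bot: in the second hunk (@@ -35,14 +35,18 @@), the added paragraph moves from "any entity ... that has been sanctioned" to "no website operating in Russia or Iran can obtain these certificates", which is a much broader claim than the sentence before it and carries no source. Link the Let's Encrypt policy text it rests on, or narrow the sentence to sanctioned entities. The same applies to "even if he uses a subcontractor": the OFAC link supports the listing, not that consequence. The paragraph also opens with "this means" right after the closing `::::`, so its antecedent is not in the visible lines; check that it still reads correctly after the block. Smaller points in the same hunk: the price line now sets €188/year against $800 with no period stated for the second figure and keeps the "..." between them, and the Bortzmeyer link points at his Wikipedia page while the sentence cites a Mastodon post for the 80% figure, so link the post itself.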
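Review bot: in the last hunk (@@ -76,7 +80,7 @@), the link fix is correct, but the surrounding text recommends an extension that "analyzes all the sites that I visit and records the associated certificate authority" without saying where that record is kept. Add a sentence on whether the data stays on the device, since readers will follow the link and install it. The URL is also pinned to the /fr/ locale in an English note.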