Let’s Encrypt comes up with workaround for abandonware Android devices

Pictured: An alternate future for many Android phones in 2021. (credit: Jan Kaláb CC BY-SA 2.0 / Flickr)

Things were touch-and-go for a while, but it looks like Let's Encrypt's transition to a standalone certificate authority (CA) isn't going to break a ton of old Android phones. This was a serious concern earlier due to an expiring root certificate, but Let's Encrypt has come up with a workaround.

Let's Encrypt is a fairly new certificate authority, but it's also one of the world's leading CAs. The service was a major player in the push to make the entire Web run over HTTPS, and as a free, open issuing authority, it went from zero certs to one billion certs in just four years. For regular users, the list of trusted CAs is usually issued by your operating system or browser vendor, so any new CA has a long rollout that involves getting added to the list of trusted CAs by every OS and browser on Earth as well as getting updates to every user. To get up and running quickly, Let's Encrypt got a cross-signature from an established CA, IdenTrust, so any browser or OS that trusted IdenTrust could now trust Let's Encrypt, and the service could start issuing useful certs.

When it launched in 2016, Let's Encrypt also issued its own root certificate ("ISRG Root X1") and applied for it to be trusted by the major software platforms, most of which accepted it sometime that year. Now, several years later, with IdenTrust's "DST Root X3" certificate set to expire in September 2021, the time has come for Let's Encrypt to stand on its own and rely on its own root certificate. Since this was submitted four years ago, surely every Web-capable OS currently in use has gotten an update with Let's Encrypt's cert, right?


from Tech – Ars Technica https://ift.tt/2Kxf0qi
