Plus: SentinelOne picks up Scalyr, fatal flaws in TCP, and a view on Supermicro
Share
Copy
In brief Internet Security Research Group nonprofit Let's Encrypt has massively upgraded its certification hardware and software so that it can delete and reissue all its certs in less than 24 hours.
Last April the certificate authority was forced to kill three million HTTPS certs after a bug was found in its automated certificate management environment, about 2.6 per cent of its 150 million live certificate base. That caused some head-scratching.
"What if that bug had affected all of our certificates? That's more than 150 million certificates covering more than 240 million domains," said Let's Encrypt exec director Josh Aas. "What if it had also been a more serious bug, requiring us to revoke and replace all certificates within 24 hours? That's the kind of worst case scenario we need to be prepared for."