2015/12/08

Die XP: Another benefit of Let's Encrypt

The Let's Encrypt project is a great initiative to move towards a more secure web, removing the costs to apply a secure certificate to a site and providing an automated client to take care of renewals.

This means of course huge changes across the whole the web industry:

Other CA will be forced to drop the price of their equivalent certificates to a bare minimum or make them free also, just to try to keep on some people looking at them.

Hosting providers will have to allow everyone to use a one click install of a free SSL certificate or at least manually update their certificates unless they want their clients to move to a friendlier hosting that allows setting up SSL without paying huge fees.

Website owners now will be able to avoid one of the problems (money) to install a SSL and this will be specially important for small websites. Big companies have enough resources that the cost of a certificate is nothing to them, but for a small website it's clear that every Euro counts, so most of the people didn't think at all about paying just to say that their site now can be used with https.

Hopefully this will mean the end of self-signed certificates or expired certificates, so end users will be able to understand better the difference between a secure site and a non-secure one and so after a while people will reject "old" sites that aren't using SSL, forcing those sites to install one, pushing their hosting companies to allow install of free SSL.

The government spies will have a harder time trying to track what everyone does, and no, this won't be an improvement for terrorists because they are already able to use secure communications but in Paris it has been clear that they used normal non-secure methods.

But there's one more benefit: Most of those small sites that now are installing SSL en masse are using shared hosting, so they don't have a unique IP and that means that they rely on SNI to enable https and it turns out that no version of IE under windows XP (as well as old Android 2.x phones) don't support it, so those that still keep using the old IE8 will now face a new problem because they will have constant security warnings whenever they try to visit all these new https sites.
And this is a good thing!!!

That people keep on using that old IE. I mean, it's old, old, old. Full of bugs, full of problems, a pain for all of us that try to create modern websites if you have to keep supporting it, and now those users will feel a little of that pain (although I guess that they are already suffering from all of us that have left IE8 behind and no longer test it).

Time to ditch IE 8 and move to a modern browser.
 

3 comments:

beetnemesis said...

Apologies for this comment- I'm not sure how else to contact you.

Are there any plans to fix Fox to Phone? Seems like a lot of people, including me, have been getting "Fetching request token failed. Status 404" when they try to send a link.

I've tried reinstalling both the add-on and the app, nothing seems to work.

I hope it's fixable- it's definitely one of my most-used apps.

In any case- thank you for making the app. It definitely has the "this is a simple but brilliant idea" feeling that shows up in the best apps.

Alfonso Martínez de Lizarrondo said...

I'm sorry but changing it to use OAuth2 would require some time that I lack and as this user has correctly stated, even the Android App won't work in a few months so it's better to look for an alternative: https://addons.mozilla.org/es/firefox/addon/foxtophone/reviews/768441/

beetnemesis said...

That's a shame! Thank you for letting me know.

-Dan