Let's Encrypt completes huge upgrade, can now rip and replace 200 million security certs in 'worst case scenario'
2021-02-15 11:41

Internet Security Research Group nonprofit Let's Encrypt has massively upgraded its certification hardware and software so that it can delete and reissue all its certs in less than 24 hours.

Last April the certificate authority was forced to kill three million HTTPS certs, about 2.6 per cent of its 150 million live certificate base, after a bug was found in its automated certificate management environment.

"What if that bug had affected all of our certificates? That's more than 150 million certificates covering more than 240 million domains," said Let's Encrypt exec director Josh Aas.

"What if it had also been a more serious bug, requiring us to revoke and replace all certificates within 24 hours? That's the kind of worst case scenario we need to be prepared for."

After upgrading its network to fiber and replacing aging Intel big iron with the latest AMD Epyc chip, not to mention some cunning software changes, Let's Encrypt now says it can revoke and replace 200 million certificates in less than 24 hours, should a catastrophic security failure occur.

Machine-learning security specialist SentinelOne has splurged $155m in cash and equities for 10-year-old startup Scalyr to try to speed up operations.


News URL

https://go.theregister.com/feed/www.theregister.com/2021/02/15/in_brief_security/