We want to establish an alternative to Let’s Encrypt that is taking the core features and values from ISRG.
That’s not based on “bad US!1!”, more then a alternative would strengthen the ecosystem. This also means to create an alternative ecosystem like boulder.
The current challenges are mostly about incorporating the non-profit and structure it right. So that it’s as open as possible.
Motivation? To help shape the security landscape and bring much wanted features that are not viable for Let’s Encrypt to implement. Viable describes that boulder would require major rewrites for it to get implemented.
Specially we want to provide SMIME and .onion certificates.
If I understand correctly, this is an initiative that might have multiple sponsors, so it makes sense to have a central entity organizing it, and following up with all the projects involved. This makes perfect sense to me now.
Also, I was not aware that your org is behind Let’s Encrypt. This puts things into a very positive light.
It might make sense to post a sibling blog post/announcement to explain what this project is about and how it would work. I feel that Google’s post left a lot of questions to be answered.
If you don’t mind me asking, is rust the only language that you have in mind? Would go work as well?
Let's Encrypt is a non-profit organization run as a public service by the Internet Security Research Group. Not exactly the same thing as a competing company. Market forces are not compelling these people to donate money, they're doing it because they believe in the goals of the organization.
Hi Alex. Would you be interested in help running this as a non profit like Let’s Encrypt, but for digital signatures? I would be willing to contribute both financially and infra/DevOps/biz ops to bootstrap.
They are a separate legal entity, with multiple independent sources of funding and a diverse range of board members[1]. I'm not sure about degrees of independence, but I would say this satisfies my criteria. Are you arguing they aren't really independent of their sponsors?
I emailed Troy to ask if he'd consider operating it as a non-profit utility similar to Let's Encrypt, and offered to help (because it's only fair if you come with an ask).
Trying to squeeze profits out of what should be a non profit (like Let's Encrypt, Quad 9, etc), an open protocol message broker between various interfaces.
We need the non profit idp equivalent of Lets Encrypt for this function. Otherwise, the cycle continues (accumulate customers, sell out, shareholders squeeze the customer base, customers churn to new orgs, etc).
Sigh. There are so many people doing this. I couldn't access the main article but read the Kickstarter page. From what I understand this is a plea for funding for (basic) components that are already built by other teams, but with an extra layer of encryption and a copy-cat UI.
Why not just focus on encrypting content on an existing decentralized network project like pump.io or GNU social? Or any other open network? Build on some momentum that is already there rather than debug message transport for life?
For anyone who wants to donate to directly support Let's Encrypt, its parent entity is Internet Security Research Group, a 501(c)(3) charitable entity. You can make donations to ISRG at https://letsencrypt.org/donate/. Businesses can also become formally recognized sponsors at https://letsencrypt.org/become-a-sponsor/ (though that might not match the giving patterns or preferences of DuckDuckGo).
Thanks to DuckDuckGo for all of its donations this year and other years.
Always nice to see some private companies stepping up. Specifically Cisco, Luna, Thales, and Fortinet. I'm sure there are a bunch others that donate their resources to Lets Encrypt.
Interesting model having a firm sponsor a specific part of the infrastructure. Don't think I've seen this before, reminds me of sports style sponsorships.
Great that lets encrypt gets funding, long may it continue!
A non-profit foundation with $50 million in the bank dedicated to providing usable encryption to the general public, with no other agenda other than the public good.
Go read the blog post by Moxie and Brian Acton (who is joining Signal). Very exciting!
Not a software company, but the cheese board collective in Berkeley seems very interesting. They have survived for a very long time through the pandemic, etc. Impressive.
Not quite an answer either, but one reason for my interest in alternative models of operation is the IETF. It is, and has been a remarkably effective organization. Thanks to them I am typing on my computer at home and sending this out. They do _not_ have members. I understand that they are not a business, but they are more effective than any software company I worked for.
We want to establish an alternative to Let’s Encrypt that is taking the core features and values from ISRG. That’s not based on “bad US!1!”, more then a alternative would strengthen the ecosystem. This also means to create an alternative ecosystem like boulder.
The current challenges are mostly about incorporating the non-profit and structure it right. So that it’s as open as possible.
Motivation? To help shape the security landscape and bring much wanted features that are not viable for Let’s Encrypt to implement. Viable describes that boulder would require major rewrites for it to get implemented.
Specially we want to provide SMIME and .onion certificates.
reply