Maybe It's Time to Ditch Let's Encrypt?

As I've discussed before, this site uses an SSL certificate from Let's Encrypt. Overall I believe they are doing the world a great service by offering certificates for free, but some recent events may be demonstrating a grave problem with their approach—and maybe even with the broader approach taken by implementations of SSL in general. To wit, the recent talk of 14,000 fake-PayPal phishing sites using valid SSL certificates from Let's Encrypt has brought to the forefront what is to my mind one of the potentially fatal flaws in the way we handle encrypted traffic over the Web: the fact that encryption and trust have somehow gotten lumped together as a single monolithic thing in the eyes of most consumers. If a site has a green lock, it's "safe," and that's all there is to it. Unfortunately, that's just not a great way to look at the Web.


Obtaining Let's Encrypt Certificates Without Sudo

LinkLocker uses a certificate provided by Let's Encrypt to enable TLS 1.2 encryption over HTTPS. Let's Encrypt is a not-for-profit initiative to spread the use of encrypted transfer to as much of the Web as possible. Their certificates provide verification that a site is what it says it is, and allow for fully encrypted data transfer between two parties (in LinkLocker's case, this means between our server and your computer). These certificates have in the past been costly to obtain, thus ...
