May 24, 2023
It's hard to believe 10 years have passed since Eric Rescorla, Alex Halderman, Peter Eckersley and I founded ISRG as a nonprofit home for public benefit digital infrastructure. We had an ambitious vision, but we couldn't have known then the extent to which that vision would become shared and leveraged by so much of the Internet.
Since its founding in 2013, ISRG's Let's Encrypt certificate authority has come to serve hundreds of millions of websites and protect just about everyone who uses the Web. Our Prossimo project has brought the urgent issue of memory safety to the fore, and Divvi Up is set to revolutionize the way apps collect metrics while preserving user privacy. I've tried to comprehend how much data about peoples' lives our work has and will protect, and tried even harder to comprehend what that means if one could quantify privacy. It's simply beyond my ability.
Some of the highlights from the past ten years include:
May 24, 2013: ISRG is incorporated, intending to build Let's Encrypt
November 18, 2014: The Let's Encrypt project is announced publicly
September 14, 2015: Let's Encrypt issues its first certificate
October 19, 2015: Let's Encrypt becomes publicly trusted
December 3, 2015: Let's Encrypt becomes generally available
March 8, 2016: Let's Encrypt issues its millionth certificate
June 28, 2017: Let's Encrypt issues its 100 millionth certificate
March 11, 2019: The ACME protocol becomes an IETF standard
February 27, 2020: Let's Encrypt issues its billionth certificate
October 26, 2020: ISRG board approves a privacy preserving metrics project, now Divvi Up
December 9, 2020: ISRG board approves a memory safety project, now Prossimo
December 18, 2020: Divvi Up starts servicing COVID exposure notification
October 3, 2022: Support for Rust is merged into the Linux kernel
All this wouldn't be possible without our staff, community, donors, funders, and other partners, all of whom I'd like to thank wholeheartedly.
I feel so fortunate that we've been able to thrive. We're fortunate primarily because great people got involved and funders stepped up, but there's also just a bit of good fortune involved in any success story. The world is a complicated place, there is complex context that one can't control around every effort. Despite our best efforts, fortune has a role to play in terms of the degree to which the context swirling around us helps or hinders. We have been fortunate in every sense of the word and for that I am grateful.
Our work is far from over. Each of our three projects has challenges and opportunities ahead.
For Let's Encrypt, which is more critical than ever and relatively mature, our focus over the next few years will be on long-term sustainability. More and more people working with certificates can't recall a time when Let's Encrypt didn't exist, and most people who benefit from our service don't need to know it exists at all (by design!). Let's Encrypt is just part of how the Internet works now, which is great for many reasons, but it also means it's at risk of being taken for granted. We are making sure that doesn't happen so we can keep Let's Encrypt running reliably and make investments in its future.
Prossimo is making a huge amount of progress moving critical software infrastructure to memory safe code, from the Linux kernel to NTP, TLS, media codecs, and even sudo/su. We have two major challenges ahead of us here. The first is to raise the money we need to complete development work. The second is to get the safer software we've been building adopted widely. We feel pretty good about our plans but it's not going to be easy. Things worth doing rarely are.
Divvi Up is exciting technology with a bright future. Our biggest challenge here, like most things involving cryptography, is to make it easy to use. We also need to make sure we can provide the service at a cost that will allow for widespread adoption, so we'll be doing a lot of optimization. Our hope is that over the next decade we can make privacy respecting metrics the norm, just like we did for HTTPS.
The internet wasn't built with security or privacy in mind, so there is a bountiful opportunity for us to improve its infrastructure. The Internet is also constantly growing and changing, so it is also our job to look into the future and prepare for the next set of threats and challenges as best we can.
Thanks to our supporters, we'll continue adapting and responding to help ensure the Web is more secure long into the future. Please consider becoming a sponsor or making a donation in support of our work.