Is there some news here? I'm a huge fan of this idea but until it actually launches I don't see any point getting too excited about it.
In a more general sense, why have none of the larger players, who I would have thought could easily do it, ventured into this space?
Why are Google, Amazon, Microsoft, etc. not offering me free SSL certs based on their own existing ability to verify my identity in so many ways, far better than letsencrypt or anybody else, really? I'm really curious about what is the barrier here that makes this so hard that basically nobody is doing it? And if those barriers are so high, why is StartSSL able to do it?
StartSSL is able to do it because they cut out the nickel-and-diming BS. They state it clearly on their page: it costs them practically nothing to issue their class 1 certificates because the process is automated, so they simply don't charge for it. I would guess it's easy for them to do it since it's their business anyway. As for the others, it's probably too much of a hassle to set up and maintain a public CA.
Can someone explain why EVERYTHING on the internet needs to be encrypted? For information that is obviously public (e.g. anything from today's articles on the New York Times to the installation image for Windows), doesn't it make more sense to encrypt the hash of the file, while making the file itself plaintext? That would seem to make it much easier to cache the data midway, reducing network traffic.
The way HTTPS works allows for authentication of the received data. Even for "obviously public" data, this is essential: an installation image of Windows could be modified to include malware, or news articles could be edited on the fly during transmission.
Once everything is encrypted, the only things that can be known of a request are the origin IP and the destination IP.
This seems to want to move the trust relationship to just encompass the server, whereas the traditional CA aims to establish 'trust' in the organisation behind the server (via verification in business registry, or via national identity card/passport for individuals). Given this redefinition of trust, will the LE root cert have a chance of ending up in IE, Safari or Chrome?
Acceptance into Mozilla's CA Certificate Program is usually discussed in public. Let's Encrypt is not on the list of pending CA applications[0]. Does anyone know if they are introducing a new root certificate or teaming up with an existing CA?
Previous HN discussions from their launch ~6 months ago are here:
* Launching in 2015: A Certificate Authority to Encrypt the Entire Web https://news.ycombinator.com/item?id=8624160
* Let's Encrypt: How It Works https://news.ycombinator.com/item?id=8640756