• About Let's Encrypt's Security Posture: Worries about the use of unsafe languages like C and C++ in its operating system and network infrastructure. The CA software is in memory-safe Golang, but lack of memory safety leads to vulnerabilities.
• Prossimo Project: Started in 2020 to make critical software infrastructure for the Internet memory safe. Invested in various software components like Rustls TLS library, Hickory DNS, River reverse proxy, sudo-rs, Rust support for the Linux kernel, and ntpd-rs.
• Deployment of ntpd-rs: Let's Encrypt has deployed ntpd-rs, the first memory-safe software from Prossimo in its infrastructure. Most operating systems use NTP to determine time accurately, and it's important to ensure NTP implementations are secure. Prossimo started working on ntpd-rs in 2022 and it was deployed to the Let's Encrypt staging environment in 2024 and is now in production.
• Future Plans: Continue replacing C or C++ software with memory-safe alternatives in Let's Encrypt infrastructure, such as OpenSSL with Rustls, DNS software with Hickory, Nginx with River, and sudo with sudo-rs. Memory safety is an important part of overall security.
• Community Dependence: Depends on contributions from users and supporters. Encourages companies or organizations to sponsor Let's Encrypt by emailing mailto:sponsor@letsencrypt.org and asks for individual contributions if possible.