From c62bebe7f59666b9335d7097f11518d48198dca1 Mon Sep 17 00:00:00 2001 From: Matthew McPherrin Date: Tue, 16 Jun 2026 11:08:01 -0400 Subject: [PATCH 1/5] Simplify definition of ECDSA * Drop reference to DSA, which isn't otherwise defined or helpful * ECDSA is fully supported, including a full chain --- content/en/docs/glossary.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/en/docs/glossary.md b/content/en/docs/glossary.md index 48b8713dc..01449a919 100644 --- a/content/en/docs/glossary.md +++ b/content/en/docs/glossary.md @@ -1,7 +1,7 @@ --- title: Glossary slug: glossary -lastmod: 2025-07-31 +lastmod: 2026-06-16 show_lastmod: 1 description: "A glossary of terms related to SSL/TLS certificates, HTTPS, and web security used by Let's Encrypt." --- @@ -81,7 +81,7 @@ Note for translators: {{% def id="DV" name="Domain-validated certificate" %}} A [certificate](#def-leaf) where the applicant has only proven its control over the domain name (and not the identity of the requesting organization). [Let's Encrypt](#def-LE) offers only DV certificates (not [OV](#def-OV) or [EV](#def-EV)): [FAQ](/docs/faq) - [Wikipedia](https://en.wikipedia.org/wiki/Domain-validated_certificate) {{% /def %}} -{{% def id="ECDSA" name="Elliptic Curve Digital Signature Algorithm" abbr="ECDSA" abbr_first="1" %}} A variant of the Digital Signature Algorithm (DSA) which uses elliptic curve cryptography. [Wikipedia](https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm). [Let's Encrypt](#def-LE) supports ECDSA for [end-entity or leaf certificates](#def-leaf), but not yet for the entire [chain](#def-chain): [/upcoming-features](/upcoming-features) {{% /def %}} +{{% def id="ECDSA" name="Elliptic Curve Digital Signature Algorithm" abbr="ECDSA" abbr_first="1" %}} A signature algorithm which uses elliptic curve cryptography. [Wikipedia](https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm). [Let's Encrypt](#def-LE) supports ECDSA. {{% /def %}} {{% def id="Ed25519" name="Ed25519" %}} A specific type of [EdDSA](#def-EdDSA), along with Ed448. {{% /def %}} From adb1ab7e9d6ca5e05914dcc7b426f816aa631a21 Mon Sep 17 00:00:00 2001 From: Matthew McPherrin Date: Tue, 16 Jun 2026 11:09:49 -0400 Subject: [PATCH 2/5] Drop Ed25519 and EdDSA definitions We don't support these or otherwise talk about them, so they don't need to be in the Glossary --- content/en/docs/glossary.md | 4 ---- 1 file changed, 4 deletions(-) diff --git a/content/en/docs/glossary.md b/content/en/docs/glossary.md index 01449a919..6d5f67e99 100644 --- a/content/en/docs/glossary.md +++ b/content/en/docs/glossary.md @@ -83,10 +83,6 @@ Note for translators: {{% def id="ECDSA" name="Elliptic Curve Digital Signature Algorithm" abbr="ECDSA" abbr_first="1" %}} A signature algorithm which uses elliptic curve cryptography. [Wikipedia](https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm). [Let's Encrypt](#def-LE) supports ECDSA. {{% /def %}} -{{% def id="Ed25519" name="Ed25519" %}} A specific type of [EdDSA](#def-EdDSA), along with Ed448. {{% /def %}} - -{{% def id="EdDSA" name="Edwards-curve Digital Signature Algorithm" abbr="EdDSA" abbr_first="1" %}} A modern public-key signature system based on elliptic curves, designed to solve several common [implementation issues](https://ed25519.cr.yp.to/) with elliptic curve cryptography. Certificate Authorities like [Let's Encrypt](#def-LE) can't provide EdDSA certificates yet. [Wikipedia](https://en.wikipedia.org/wiki/EdDSA) {{% /def %}} - {{% def id="ECC" name="Elliptic Curve Cryptography" abbr="ECC" %}} A type of public-key cryptography based on elliptic curves. ECC uses smaller keys compared to non-EC cryptography while providing equivalent security. [Cloudflare](https://blog.cloudflare.com/a-relatively-easy-to-understand-primer-on-elliptic-curve-cryptography/) - [Wikipedia](https://en.wikipedia.org/wiki/Elliptic-curve_cryptography) {{% /def %}} {{% def id="EV" name="Extended Validation" abbr="EV" %}} A type of certificate validation for which the [CA](#def-CA) has verified the legal entity controlling the website. They contain information about that entity. Controls from the [CA](#def-CA) are more strict than for [OV](#def-OV) certificates. [Let's Encrypt](#def-LE) doesn't offer EV certificates. [Wikipedia](https://en.wikipedia.org/wiki/Extended_Validation_Certificate) {{% /def %}} From 9017f12096992d9ccc782b1d2f8562f4d0e7b84a Mon Sep 17 00:00:00 2001 From: Matthew McPherrin Date: Tue, 16 Jun 2026 11:12:20 -0400 Subject: [PATCH 3/5] Drop identrust cross-sign references These are no longer in use and expired, so drop them. --- content/en/docs/glossary.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/content/en/docs/glossary.md b/content/en/docs/glossary.md index 6d5f67e99..b7069a8f2 100644 --- a/content/en/docs/glossary.md +++ b/content/en/docs/glossary.md @@ -41,7 +41,7 @@ Note for translators: {{% def id="CNAME" name="Canonical Name record" abbr="CNAME" %}} A DNS entry which maps one domain name to another, referred to as the Canonical Name. [Wikipedia](https://en.wikipedia.org/wiki/CNAME_record) {{% /def %}} -{{% def id="CA" name="Certificate Authority" abbr="CA" %}} An organization that issues [certificates](#def-leaf). [Let's Encrypt](#def-LE), [IdenTrust](#def-IdenTrust), Sectigo, and DigiCert are Certificate Authorities. [Wikipedia](https://en.wikipedia.org/wiki/Certificate_authority) {{% /def %}} +{{% def id="CA" name="Certificate Authority" abbr="CA" %}} An organization that issues [certificates](#def-leaf). [Let's Encrypt](#def-LE) is a Certificate Authority. [Wikipedia](https://en.wikipedia.org/wiki/Certificate_authority) {{% /def %}} {{% def id="CAI" name="CA Issuers" %}} Part of the [AIA](#def-AIA) field containing information about the issuer of the [certificate](#def-leaf). It may be useful when the [web server](#def-web-server) didn't provide a trusted [certificate chain](#def-chain). {{% /def %}} @@ -89,8 +89,6 @@ Note for translators: {{% def id="FQDN" name="Fully qualified domain name" abbr="FQDN" %}} The complete domain name of a website. For example, `www.example.com` is an *FQDN*. {{% /def %}} -{{% def id="IdenTrust" name="IdenTrust" %}} A [Certificate Authority](#def-CA). IdenTrust has [cross-signed](#def-cross-signing) [Let's Encrypt](#def-LE) [intermediate certificates](#def-intermediate): [/certificates](/certificates). [Wikipedia](https://en.wikipedia.org/wiki/IdenTrust) {{% /def %}} - {{% def id="intermediate" name="Intermediate certificate" %}} A certificate signed by a [root](#def-root) or another intermediate, and capable of signing other certificates. They are used to sign leaf certificates while keeping the private key of root certificate offline. Intermediates are included in [certificate chains](#def-chain). [Wikipedia](https://en.wikipedia.org/wiki/Public_key_certificate#Types_of_certificate) {{% /def %}} {{% def id="IDNA" name="Internationalized Domain Names for Applications" abbr="IDNA" %}} See [internationalized domain name](#def-IDN). {{% /def %}} From bce2dd756865d57a21f28ff0b2ee6ca1cef88a1f Mon Sep 17 00:00:00 2001 From: Matthew McPherrin Date: Wed, 17 Jun 2026 15:35:53 -0400 Subject: [PATCH 4/5] link ECC from ECDSA definition --- content/en/docs/glossary.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/glossary.md b/content/en/docs/glossary.md index b7069a8f2..d7ec41af4 100644 --- a/content/en/docs/glossary.md +++ b/content/en/docs/glossary.md @@ -81,7 +81,7 @@ Note for translators: {{% def id="DV" name="Domain-validated certificate" %}} A [certificate](#def-leaf) where the applicant has only proven its control over the domain name (and not the identity of the requesting organization). [Let's Encrypt](#def-LE) offers only DV certificates (not [OV](#def-OV) or [EV](#def-EV)): [FAQ](/docs/faq) - [Wikipedia](https://en.wikipedia.org/wiki/Domain-validated_certificate) {{% /def %}} -{{% def id="ECDSA" name="Elliptic Curve Digital Signature Algorithm" abbr="ECDSA" abbr_first="1" %}} A signature algorithm which uses elliptic curve cryptography. [Wikipedia](https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm). [Let's Encrypt](#def-LE) supports ECDSA. {{% /def %}} +{{% def id="ECDSA" name="Elliptic Curve Digital Signature Algorithm" abbr="ECDSA" abbr_first="1" %}} A signature algorithm which uses [elliptic curve cryptography](#def-ECC). [Wikipedia](https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm). [Let's Encrypt](#def-LE) supports ECDSA. {{% /def %}} {{% def id="ECC" name="Elliptic Curve Cryptography" abbr="ECC" %}} A type of public-key cryptography based on elliptic curves. ECC uses smaller keys compared to non-EC cryptography while providing equivalent security. [Cloudflare](https://blog.cloudflare.com/a-relatively-easy-to-understand-primer-on-elliptic-curve-cryptography/) - [Wikipedia](https://en.wikipedia.org/wiki/Elliptic-curve_cryptography) {{% /def %}} From 75f292fa274d4e25cd00b246773db665365557ff Mon Sep 17 00:00:00 2001 From: Matthew McPherrin Date: Sat, 4 Jul 2026 20:01:35 -0400 Subject: [PATCH 5/5] lastmod --- content/en/docs/glossary.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/glossary.md b/content/en/docs/glossary.md index d7ec41af4..c0f7fe38d 100644 --- a/content/en/docs/glossary.md +++ b/content/en/docs/glossary.md @@ -1,7 +1,7 @@ --- title: Glossary slug: glossary -lastmod: 2026-06-16 +lastmod: 2026-07-04 show_lastmod: 1 description: "A glossary of terms related to SSL/TLS certificates, HTTPS, and web security used by Let's Encrypt." ---