[Oct 3, 2016; Nerd]

After not providing secure communication at all, sump.org as of now enforces use of HTTPS. Passing by without catching up - as it was once said in the GDR, whose end-of-life anniversary is being celebrated today.

It is made possible by Let's Encrypt, a service which provides widely trusted certificates at no cost and with little effort. The site owner (or a script run by the site owner) just needs to follow the ACME protocol to get the desired certificate. The basic idea is that the site owner demonstrates his control over the site by making small modifications to the site. If the tests are passed, a signed certificate is issued. Worth noting is the short life span of 90 days those certificates have, so automatic renewal is a must.
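As an added illustration (not code from sump.org or Let's Encrypt), the sketch below computes what one ACME validation method, the HTTP-01 challenge of RFC 8555, asks the site to publish: a file named after the CA's token whose body binds that token to the account key's RFC 7638 thumbprint. The account key and token are constructed sample values, and the function names are hypothetical.

```python
import base64
import hashlib
import json
import re


def b64url(data: bytes) -> str:
    """Base64url without padding, as JOSE and ACME require."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


# Only these members enter the RFC 7638 thumbprint, per key type.
REQUIRED_MEMBERS = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}


def jwk_thumbprint(jwk: dict) -> str:
    """SHA-256 thumbprint of the account public key (RFC 7638)."""
    members = REQUIRED_MEMBERS[jwk["kty"]]
    # Canonical form: required members only, sorted, no whitespace.
    canonical = json.dumps({k: jwk[k] for k in members},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def http01_response(token: str, account_jwk: dict) -> tuple:
    """Return (URL path, file body) the site must serve for one challenge."""
    # The token becomes a file name, so accept base64url characters only;
    # this keeps a malformed token from escaping the challenge directory.
    if not re.fullmatch(r"[A-Za-z0-9_-]+", token):
        raise ValueError("token is not base64url")
    key_authorization = f"{token}.{jwk_thumbprint(account_jwk)}"
    return f"/.well-known/acme-challenge/{token}", key_authorization


# Constructed sample values, not a real account key or CA-issued token.
SAMPLE_JWK = {"kty": "EC", "crv": "P-256",
              "x": b64url(b"\x01" * 32), "y": b64url(b"\x02" * 32),
              "kid": "not-part-of-the-thumbprint"}
SAMPLE_TOKEN = "constructed-token_0123456789"

if __name__ == "__main__":
    path, body = http01_response(SAMPLE_TOKEN, SAMPLE_JWK)
    print("serve at:", path)
    print("content: ", body)
```

The CA fetches that path over plain HTTP from the name being validated, so whoever can place the file there passes the test; this is the "small modification" the certificate ultimately attests to.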

Where does this leave security? Well, apparently it is not getting worse, because other CAs have already issued certificates with the same level of verification in the past - only not for free. The reason why such a certificate is still meaningful is that CA network infrastructure is supposed to have much better protection from man-in-the-middle attacks than the casual user and therefore cannot be easily tricked into issuing certificates to the wrong people.

