A project that aims to increase the use of encryption by giving away free SSL/TLS certificates has issued its first one, marking the start of its beta programme.
The project, called Let’s Encrypt, is run by the Internet Security Research Group (ISRG) and backed by Mozilla, the Electronic Frontier Foundation (EFF), Cisco and Akamai, among others.
Let’s Encrypt plans to distribute free Secure Socket Layer/Transport Layer Security (SSL/TLS) certificates, which encrypt data passed between a web site and users. The use of SSL/TLS is signified in most browsers by “https” and a padlock appearing in the URL bar.
Unencrypted web traffic poses a security risk. For example, an attacker could collect the web traffic of someone using a public Wi-Fi hotspot, potentially revealing sensitive data.
Selling SSL/TLS certificates is a big business; the certificates often are not cheap and they expire after a certain time. The cost puts off some web site owners from using encryption, particularly for less-trafficked sites.
Let’s Encrypt aims to “revolutionise encryption on web sites, making https implementation a seamless, no-cost option for anyone with a domain,” wrote Rainey Reitman, the EFF’s activism director.
The organisation’s first certificate is for one of its own domains, effectively a test run showing that the system works. It will begin issuing certificates to domains participating in its beta program, and then to more web sites, in the next couple of months, wrote Josh Aas, ISRG’s executive director, in a blog post.
For the first certificate to appear valid, users will have to install an ISRG root certificate in their browser or other client software. That’s a temporary issue, as ISRG’s root certificate will be cross-signed in about a month by IdenTrust, a Certificate Authority that is one of Let’s Encrypt’s primary sponsors.
Once that is in place, ISRG’s certificates will be recognised as valid by nearly all browsers.
Major technology companies including Google, Yahoo and Facebook have made a strong push for broader using of encryption in light of government surveillance programs and burgeoning cybercrime.
Jeremy Kirk, IDG News Service
Subscribers 0
Fans 0
Followers 0
Followers