Security

New Certificate Authority Wants to Simplify HTTPS Deployment

Add Your Comments

A new certificate authority that will launch in 2015 is aiming to transition the web from HTTP to HTTPS. The Electronic Frontier Foundation (EFF), Mozilla, Cisco, Akamai, IdenTrust and researchers at the University of Michigan have teamed up to launch the initiative, called Let’s Encrypt.

According to a blog post by EFF on Tuesday, Let’s Encrypt is scheduled to launch in the summer of 2015 and will automatically issue and manage free certificates for “any website that needs them.”

With the click of a button, Let’s Encrypt users can switch a webserver from HTTP to HTTPS, effectively whittling down a process that typically takes web developers three hours to 20 or 30 seconds.

“The biggest obstacle to HTTPS deployment has been the complexity, bureaucracy, and cost of the certificates that HTTPS requires,” EFF said. “We’re all familiar with the warnings and error messages produced by misconfigured certificates. These warnings are a hint that HTTPS (and other uses of TLS/SSL) is dependent on a horrifyingly complex and often structurally dysfunctional bureaucracy for authentication.”

The Let’s Encrypt CA will be operated by a new non-profit organization called the Internet Security Research Group.

It will use a number of new technologies including a protocol it is developing called ACME, which supports stronger forms of domain validation between web servers and the CA.

EFF and Mozilla have worked together in the past to advocate for wider use of HTTPS encryption, developing a Mozilla extension with The Tor Project called HTTPS Everywhere. The extension rewrites requests to these sites to HTTPS.

There have been several companies who are trying to eliminate the barrier to HTTPS for their users. For example, in August Google said that it would give search preference to sites that use HTTPS. In September, CloudFlare announced that it would give SSL certificates to all of its customers, including those of its free service. CloudFlare said that even though the decision would leave them with less revenue in the short term, it was the right thing to do.

Newsletters

Subscribe Now and Get Our Exclusive Report on "The Hosting Infrastructure Ecosystem"

Enter your email to receive messages about offerings by Penton, its brands, affiliates and/or third-party partners, consistent with Penton's Privacy Policy.

Related Forum Threads

Add Your Comments

  • (will not be published)