BLU Discuss list archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Discuss] free SSL certs from the EFF
- Subject: [Discuss] free SSL certs from the EFF
- From: tmetro+blu at gmail.com (Tom Metro)
- Date: Wed, 19 Nov 2014 02:34:59 -0500
EFF partners with some industry players to give out free SSL certs. Launching in 2015: A Certificate Authority to Encrypt the Entire Web https://www.eff.org/deeplinks/2014/11/certificate-authority-encrypt-entire-web With a launch scheduled for summer 2015, the Let's Encrypt CA will automatically issue and manage free certificates for any website that needs them. Switching a webserver from HTTP to HTTPS with this CA will be as easy as issuing one command, or clicking one button. ... The Let's Encrypt CA will be operated by a new non-profit organization called the Internet Security Research Group (ISRG). EFF helped to put together this initiative with Mozilla and the University of Michigan, and it has been joined for launch by partners including Cisco, Akamai, and Identrust. We sort of already have this today with StartCom (StartSSL), but they have limitations on their free offering. No wildcard certs, and if the host name even sounds like a site that might sell things (e-commerce), they won't issue a cert. But EFF isn't stopping with merely making the certs free. You still have to jump though a few hoops with StartCom, and it sounds like EFF wants to add more automation to the issuing process to make it faster/trivial to add SSL to a site. ...it typically takes a web developer 1-3 hours to enable encryption for the first time. The Let's Encrypt project is aiming to fix that by reducing setup time to 20-30 seconds. You can help test and hack on the developer preview of our Let's Encrypt agent software... The big win will be when large shared and VPS hosting providers integrate certificate acquisition and installation into their control panels. Will providers have motivation to do that integration if it means giving up the sales commission they were getting from Comodo or other SSL CAs? We will use a protocol we're developing called ACME between web servers and the CA, which includes support for new and stronger forms of domain validation. All the automation does make you wonder whether it is going to be easier to game the system. Not that we had that much confidence in the authentication aspect of certs to begin with. (There are just too many CAs with lax practices for validating identities.) -Tom -- Tom Metro The Perl Shop, Newton, MA, USA "Predictable On-demand Perl Consulting." http://www.theperlshop.com/
- Follow-Ups:
- [Discuss] free SSL certs from the EFF
- From: blu at nedharvey.com (Edward Ned Harvey (blu))
- [Discuss] free SSL certs from the EFF
- From: richard.pieri at gmail.com (Richard Pieri)
- [Discuss] free SSL certs from the EFF
- Prev by Date: [Discuss] Revisiting VMWare ESX backup options
- Next by Date: [Discuss] free SSL certs from the EFF
- Previous by thread: [Discuss] Boston Linux Meeting Reminder Wednesday, November 19, 2014 - Jeff Schiller on Security
- Next by thread: [Discuss] free SSL certs from the EFF
- Index(es):
