-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Nice! Sounds extremely promising. S. On 18/11/14 17:50, Joseph Lorenzo Hall wrote: > > So cool I'll just shut my mouth and let the launch text speak for > itself... (links in the original) > > ---- > > https://www.eff.org/deeplinks/2014/11/certificate-authority-encrypt-entire-web > > # Launching in 2015: A Certificate Authority to Encrypt the Entire > Web > > Today EFF is pleased to announce Let?s Encrypt, a new certificate > authority (CA) initiative that we have put together with Mozilla, > Cisco, Akamai, Identrust, and researchers at the University of > Michigan that aims to clear the remaining roadblocks to transition > the Web from HTTP to HTTPS. > > Although the HTTP protocol has been hugely successful, it is > inherently insecure. Whenever you use an HTTP website, you are > always vulnerable to problems, including account hijacking and > identity theft; surveillance and tracking by governments, > companies, and both in concert; injection of malicious scripts into > pages; and censorship that targets specific keywords or specific > pages on sites. The HTTPS protocol, though it is not yet flawless, > is a vast improvement on all of these fronts, and we need to move > to a future where every website is HTTPS by default.With a launch > scheduled for summer 2015, the Let?s Encrypt CA will automatically > issue and manage free certificates for any website that needs them. > Switching a webserver from HTTP to HTTPS with this CA will be as > easy as issuing one command, or clicking one button. > > The biggest obstacle to HTTPS deployment has been the complexity, > bureaucracy, and cost of the certificates that HTTPS requires. > We?re all familiar with the warnings and error messages produced > by misconfigured certificates. These warnings are a hint that HTTPS > (and other uses of TLS/SSL) is dependent on a horrifyingly complex > and often structurally dysfunctional bureaucracy for > authentication. > > The need to obtain, install, and manage certificates from that > bureaucracy is the largest reason that sites keep using HTTP > instead of HTTPS. In our tests, it typically takes a web developer > 1-3 hours to enable encryption for the first time. The Let?s > Encrypt project is aiming to fix that by reducing setup time to > 20-30 seconds. You can help test and hack on the developer preview > of our Let's Encrypt agent software or watch a video of it in > action here: > > Let?s Encrypt will employ a number of new technologies to manage > secure automated verification of domains and issuance of > certificates. We will use a protocol we?re developing called ACME > between web servers and the CA, which includes support for new and > stronger forms of domain validation. We will also employ > Internet-wide datasets of certificates, such as EFF?s own > Decentralized SSL Observatory, the University of Michigan?s > scans.io, and Google's Certificate Transparency logs, to make > higher-security decisions about when a certificate is safe to > issue. > > The Let?s Encrypt CA will be operated by a new non-profit > organization called the Internet Security Research Group (ISRG). > EFF helped to put together this initiative with Mozilla and the > University of Michigan, and it has been joined for launch by > partners including Cisco, Akamai, and Identrust. > > The core team working on the Let's Encrypt CA and agent software > includes James Kasten, Seth Schoen, and Peter Eckersley at EFF; > Josh Aas, Richard Barnes, Kevin Dick and Eric Rescorla at Mozilla; > Alex Halderman and James Kasten and the University of Michigan. > > > _______________________________________________ perpass mailing > list perpass@ietf.org > https://www.ietf.org/mailman/listinfo/perpass > > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJUa4fMAAoJEC88hzaAX42idrsH/1ESxXdSUtqFuE3Qea2neAs8 yECBMM44hIFI5Vqen/YtmNDsa8/L72mUkdaCkTEBCJdRQQt6pYigKNQZ+ZBIUUi7 VY9bhdugo/TqrszHhy+U3rCwvyBGbjBqQf4sVaNx6FOdqY0upnW8foetnYz2XbCI AO+N6SoNjxd5NkU3zY/mJ09a1tpY6/T0jeKdfoHAG1QG9DZs0bctCfwo07qV5vGv hiS1O3VrU9KRBaVcCm+IlacV1UsEc6U3n6WeXGxOG9wUTKGIvbVhyQvFUP/xgB+N D8QW5gTzf96Vc8oh/pc/LRdo3qwafarbCYHRENdKs2YciseK11OkjhK3cxdJlQI= =As8k -----END PGP SIGNATURE----- _______________________________________________ perpass mailing list perpass@ietf.org https://www.ietf.org/mailman/listinfo/perpass