-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
So cool I'll just shut my mouth and let the launch text speak for itself... (links in the original) - ---- https://www.eff.org/deeplinks/2014/11/certificate-authority-encrypt-entire-web # Launching in 2015: A Certificate Authority to Encrypt the Entire Web Today EFF is pleased to announce Let?s Encrypt, a new certificate authority (CA) initiative that we have put together with Mozilla, Cisco, Akamai, Identrust, and researchers at the University of Michigan that aims to clear the remaining roadblocks to transition the Web from HTTP to HTTPS. Although the HTTP protocol has been hugely successful, it is inherently insecure. Whenever you use an HTTP website, you are always vulnerable to problems, including account hijacking and identity theft; surveillance and tracking by governments, companies, and both in concert; injection of malicious scripts into pages; and censorship that targets specific keywords or specific pages on sites. The HTTPS protocol, though it is not yet flawless, is a vast improvement on all of these fronts, and we need to move to a future where every website is HTTPS by default.With a launch scheduled for summer 2015, the Let?s Encrypt CA will automatically issue and manage free certificates for any website that needs them. Switching a webserver from HTTP to HTTPS with this CA will be as easy as issuing one command, or clicking one button. The biggest obstacle to HTTPS deployment has been the complexity, bureaucracy, and cost of the certificates that HTTPS requires. We?re all familiar with the warnings and error messages produced by misconfigured certificates. These warnings are a hint that HTTPS (and other uses of TLS/SSL) is dependent on a horrifyingly complex and often structurally dysfunctional bureaucracy for authentication. The need to obtain, install, and manage certificates from that bureaucracy is the largest reason that sites keep using HTTP instead of HTTPS. In our tests, it typically takes a web developer 1-3 hours to enable encryption for the first time. The Let?s Encrypt project is aiming to fix that by reducing setup time to 20-30 seconds. You can help test and hack on the developer preview of our Let's Encrypt agent software or watch a video of it in action here: Let?s Encrypt will employ a number of new technologies to manage secure automated verification of domains and issuance of certificates. We will use a protocol we?re developing called ACME between web servers and the CA, which includes support for new and stronger forms of domain validation. We will also employ Internet-wide datasets of certificates, such as EFF?s own Decentralized SSL Observatory, the University of Michigan?s scans.io, and Google's Certificate Transparency logs, to make higher-security decisions about when a certificate is safe to issue. The Let?s Encrypt CA will be operated by a new non-profit organization called the Internet Security Research Group (ISRG). EFF helped to put together this initiative with Mozilla and the University of Michigan, and it has been joined for launch by partners including Cisco, Akamai, and Identrust. The core team working on the Let's Encrypt CA and agent software includes James Kasten, Seth Schoen, and Peter Eckersley at EFF; Josh Aas, Richard Barnes, Kevin Dick and Eric Rescorla at Mozilla; Alex Halderman and James Kasten and the University of Michigan. - -- Joseph Lorenzo Hall Chief Technologist Center for Democracy & Technology 1634 I ST NW STE 1100 Washington DC 20006-4011 (p) 202-407-8825 (f) 202-637-0968 [email protected] PGP: https://josephhall.org/gpg-key fingerprint: 3CA2 8D7B 9F6D DBD3 4B10 1607 5F86 6987 40A9 A871 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (Darwin) iQIcBAEBCAAGBQJUa4b3AAoJEF+GaYdAqahx4cIQAMKfrDwarBKUHYK1EHuutF5+ vBOF/Bz9CYCVfSIhn3Re/Vze4xMF6ZRnKOnAsPdi2Im+I/KOkOKMG+W/n/z8EGht cQzow+HNKqRQ/BerieK8ziCWPy2vP/nEvJVha3KO3Oc2Y83MlxS+0KyvrT1JhkaI AG3sMm7MA0FyoGTV27wFbGsbgjGbGmqxZYPvn8MJeyIou1pZzWva1c3QqBGHWmLp aYiKQ2vMauawq5o9fmpqKa8hkS98jUS3I1kOhgE2aH7GEgudhESengr7Mb9655qY W265vk+FeT/T6GCFO4yzdzC+eey+22gumjVwKXuookSuKqTGP0kNCvCUP75o9abc yO4xkaQo3EL4R77IsqMxNtCOResBxqc8oY18JuOUzDeKhuKCwQEhWBi3l6tt9R8m GqEKJXYuedwznPFq2fpM4sL7TFSMzyV8Zx5VtyAuHlR5iyFSe+G5RVJNngHlJaOP 7RPQ4GTyHHpEqA7RDu6F7ekMJu1kJ9dGonZemR21Xdkto9xJ02nd4YSAajmJ9zdT 2eWcww2uUb0L9HhG6R2pa3gh3vECs3ShCjhzHZGSOsMxD8iAjcW62CfCRcvMii6X 7UQkvCT/eJZWpsdA0xBNxvukEJzIJFpUl7ouDZFxRYbEf9f6o6BoYfLMWcBfjif1 ej21nmdcC12JEIl5ecnH =yRrk -----END PGP SIGNATURE----- _______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
