You can read more about the project at https://letsencrypt.org/
You can see (and participate in) the work in progress protocols (called ACME) around certificate management here: https://github.com/letsencrypt/acme-spec On Tue, Nov 18, 2014 at 12:54 PM, Stephen Farrell <[email protected] > wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > Nice! > > Sounds extremely promising. > > S. > > On 18/11/14 17:50, Joseph Lorenzo Hall wrote: > > > > So cool I'll just shut my mouth and let the launch text speak for > > itself... (links in the original) > > > > ---- > > > > > https://www.eff.org/deeplinks/2014/11/certificate-authority-encrypt-entire-web > > > > # Launching in 2015: A Certificate Authority to Encrypt the Entire > > Web > > > > Today EFF is pleased to announce Let?s Encrypt, a new certificate > > authority (CA) initiative that we have put together with Mozilla, > > Cisco, Akamai, Identrust, and researchers at the University of > > Michigan that aims to clear the remaining roadblocks to transition > > the Web from HTTP to HTTPS. > > > > Although the HTTP protocol has been hugely successful, it is > > inherently insecure. Whenever you use an HTTP website, you are > > always vulnerable to problems, including account hijacking and > > identity theft; surveillance and tracking by governments, > > companies, and both in concert; injection of malicious scripts into > > pages; and censorship that targets specific keywords or specific > > pages on sites. The HTTPS protocol, though it is not yet flawless, > > is a vast improvement on all of these fronts, and we need to move > > to a future where every website is HTTPS by default.With a launch > > scheduled for summer 2015, the Let?s Encrypt CA will automatically > > issue and manage free certificates for any website that needs them. > > Switching a webserver from HTTP to HTTPS with this CA will be as > > easy as issuing one command, or clicking one button. > > > > The biggest obstacle to HTTPS deployment has been the complexity, > > bureaucracy, and cost of the certificates that HTTPS requires. > > We?re all familiar with the warnings and error messages produced > > by misconfigured certificates. These warnings are a hint that HTTPS > > (and other uses of TLS/SSL) is dependent on a horrifyingly complex > > and often structurally dysfunctional bureaucracy for > > authentication. > > > > The need to obtain, install, and manage certificates from that > > bureaucracy is the largest reason that sites keep using HTTP > > instead of HTTPS. In our tests, it typically takes a web developer > > 1-3 hours to enable encryption for the first time. The Let?s > > Encrypt project is aiming to fix that by reducing setup time to > > 20-30 seconds. You can help test and hack on the developer preview > > of our Let's Encrypt agent software or watch a video of it in > > action here: > > > > Let?s Encrypt will employ a number of new technologies to manage > > secure automated verification of domains and issuance of > > certificates. We will use a protocol we?re developing called ACME > > between web servers and the CA, which includes support for new and > > stronger forms of domain validation. We will also employ > > Internet-wide datasets of certificates, such as EFF?s own > > Decentralized SSL Observatory, the University of Michigan?s > > scans.io, and Google's Certificate Transparency logs, to make > > higher-security decisions about when a certificate is safe to > > issue. > > > > The Let?s Encrypt CA will be operated by a new non-profit > > organization called the Internet Security Research Group (ISRG). > > EFF helped to put together this initiative with Mozilla and the > > University of Michigan, and it has been joined for launch by > > partners including Cisco, Akamai, and Identrust. > > > > The core team working on the Let's Encrypt CA and agent software > > includes James Kasten, Seth Schoen, and Peter Eckersley at EFF; > > Josh Aas, Richard Barnes, Kevin Dick and Eric Rescorla at Mozilla; > > Alex Halderman and James Kasten and the University of Michigan. > > > > > > _______________________________________________ perpass mailing > > list [email protected] > > https://www.ietf.org/mailman/listinfo/perpass > > > > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1 > > iQEcBAEBAgAGBQJUa4fMAAoJEC88hzaAX42idrsH/1ESxXdSUtqFuE3Qea2neAs8 > yECBMM44hIFI5Vqen/YtmNDsa8/L72mUkdaCkTEBCJdRQQt6pYigKNQZ+ZBIUUi7 > VY9bhdugo/TqrszHhy+U3rCwvyBGbjBqQf4sVaNx6FOdqY0upnW8foetnYz2XbCI > AO+N6SoNjxd5NkU3zY/mJ09a1tpY6/T0jeKdfoHAG1QG9DZs0bctCfwo07qV5vGv > hiS1O3VrU9KRBaVcCm+IlacV1UsEc6U3n6WeXGxOG9wUTKGIvbVhyQvFUP/xgB+N > D8QW5gTzf96Vc8oh/pc/LRdo3qwafarbCYHRENdKs2YciseK11OkjhK3cxdJlQI= > =As8k > -----END PGP SIGNATURE----- > > _______________________________________________ > perpass mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/perpass > >
_______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
