On Tue, Nov 18, 2014 at 5:55 PM, Songhaibin (A) <[email protected]> wrote:
> It is now calling for attacks to test its robustness? > If there were an actual CA, then maybe :) What we have now are some prototype implementations, with a goal of getting the CA stood up in the next few months. --Richard > > Best Regards! > -Haibin > > > -----Original Message----- > > From: perpass [mailto:[email protected]] On Behalf Of manning > bill > > Sent: Wednesday, November 19, 2014 3:39 AM > > To: Patrick McManus > > Cc: perpass; Joseph Lorenzo Hall; Stephen Farrell > > Subject: Re: [perpass] EFF, Mozilla et al. announce new free certificate > > authority... > > > > nothing more expensive than free... > > > > > > /bill > > PO Box 12317 > > Marina del Rey, CA 90295 > > 310.322.8102 > > > > On 18November2014Tuesday, at 11:13, Patrick McManus > > <[email protected]> wrote: > > > > > You can read more about the project at https://letsencrypt.org/ > > > > > > You can see (and participate in) the work in progress protocols > > > (called ACME) around certificate management here: > > > https://github.com/letsencrypt/acme-spec > > > > > > On Tue, Nov 18, 2014 at 12:54 PM, Stephen Farrell < > [email protected]> > > wrote: > > > -----BEGIN PGP SIGNED MESSAGE----- > > > Hash: SHA1 > > > > > > > > > Nice! > > > > > > Sounds extremely promising. > > > > > > S. > > > > > > On 18/11/14 17:50, Joseph Lorenzo Hall wrote: > > > > > > > > So cool I'll just shut my mouth and let the launch text speak for > > > > itself... (links in the original) > > > > > > > > ---- > > > > > > > > https://www.eff.org/deeplinks/2014/11/certificate-authority-encrypt- > > > > entire-web > > > > > > > > # Launching in 2015: A Certificate Authority to Encrypt the Entire > > > > Web > > > > > > > > Today EFF is pleased to announce Let?s Encrypt, a new certificate > > > > authority (CA) initiative that we have put together with Mozilla, > > > > Cisco, Akamai, Identrust, and researchers at the University of > > > > Michigan that aims to clear the remaining roadblocks to transition > > > > the Web from HTTP to HTTPS. > > > > > > > > Although the HTTP protocol has been hugely successful, it is > > > > inherently insecure. Whenever you use an HTTP website, you are > > > > always vulnerable to problems, including account hijacking and > > > > identity theft; surveillance and tracking by governments, companies, > > > > and both in concert; injection of malicious scripts into pages; and > > > > censorship that targets specific keywords or specific pages on > > > > sites. The HTTPS protocol, though it is not yet flawless, is a vast > > > > improvement on all of these fronts, and we need to move to a future > > > > where every website is HTTPS by default.With a launch scheduled for > > > > summer 2015, the Let?s Encrypt CA will automatically issue and > > > > manage free certificates for any website that needs them. > > > > Switching a webserver from HTTP to HTTPS with this CA will be as > > > > easy as issuing one command, or clicking one button. > > > > > > > > The biggest obstacle to HTTPS deployment has been the complexity, > > > > bureaucracy, and cost of the certificates that HTTPS requires. > > > > We?re all familiar with the warnings and error messages produced by > > > > misconfigured certificates. These warnings are a hint that HTTPS > > > > (and other uses of TLS/SSL) is dependent on a horrifyingly complex > > > > and often structurally dysfunctional bureaucracy for authentication. > > > > > > > > The need to obtain, install, and manage certificates from that > > > > bureaucracy is the largest reason that sites keep using HTTP instead > > > > of HTTPS. In our tests, it typically takes a web developer > > > > 1-3 hours to enable encryption for the first time. The Let?s Encrypt > > > > project is aiming to fix that by reducing setup time to > > > > 20-30 seconds. You can help test and hack on the developer preview > > > > of our Let's Encrypt agent software or watch a video of it in action > > > > here: > > > > > > > > Let?s Encrypt will employ a number of new technologies to manage > > > > secure automated verification of domains and issuance of > > > > certificates. We will use a protocol we?re developing called ACME > > > > between web servers and the CA, which includes support for new and > > > > stronger forms of domain validation. We will also employ > > > > Internet-wide datasets of certificates, such as EFF?s own > > > > Decentralized SSL Observatory, the University of Michigan?s > > > > scans.io, and Google's Certificate Transparency logs, to make > > > > higher-security decisions about when a certificate is safe to issue. > > > > > > > > The Let?s Encrypt CA will be operated by a new non-profit > > > > organization called the Internet Security Research Group (ISRG). > > > > EFF helped to put together this initiative with Mozilla and the > > > > University of Michigan, and it has been joined for launch by > > > > partners including Cisco, Akamai, and Identrust. > > > > > > > > The core team working on the Let's Encrypt CA and agent software > > > > includes James Kasten, Seth Schoen, and Peter Eckersley at EFF; Josh > > > > Aas, Richard Barnes, Kevin Dick and Eric Rescorla at Mozilla; Alex > > > > Halderman and James Kasten and the University of Michigan. > > > > > > > > > > > > _______________________________________________ perpass mailing > > list > > > > [email protected] https://www.ietf.org/mailman/listinfo/perpass > > > > > > > > > > > -----BEGIN PGP SIGNATURE----- > > > Version: GnuPG v1 > > > > > > > > iQEcBAEBAgAGBQJUa4fMAAoJEC88hzaAX42idrsH/1ESxXdSUtqFuE3Qea2neAs8 > > > > > yECBMM44hIFI5Vqen/YtmNDsa8/L72mUkdaCkTEBCJdRQQt6pYigKNQZ+ZBIUU > > i7 > > > > > VY9bhdugo/TqrszHhy+U3rCwvyBGbjBqQf4sVaNx6FOdqY0upnW8foetnYz2XbCI > > > > > AO+N6SoNjxd5NkU3zY/mJ09a1tpY6/T0jeKdfoHAG1QG9DZs0bctCfwo07qV5vGv > > > > > hiS1O3VrU9KRBaVcCm+IlacV1UsEc6U3n6WeXGxOG9wUTKGIvbVhyQvFUP/xgB > > +N > > > D8QW5gTzf96Vc8oh/pc/LRdo3qwafarbCYHRENdKs2YciseK11OkjhK3cxdJlQI= > > > =As8k > > > -----END PGP SIGNATURE----- > > > > > > _______________________________________________ > > > perpass mailing list > > > [email protected] > > > https://www.ietf.org/mailman/listinfo/perpass > > > > > > > > > _______________________________________________ > > > perpass mailing list > > > [email protected] > > > https://www.ietf.org/mailman/listinfo/perpass > > > > _______________________________________________ > > perpass mailing list > > [email protected] > > https://www.ietf.org/mailman/listinfo/perpass > > _______________________________________________ > perpass mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/perpass >
_______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
