New non-profit CA aims to make HTTPS use universal
To become ubiquitous, encryption must be easy to set up and easy to use, and that’s why the Electronic Frontier Foundation (EFF), Mozilla, Cisco, Akamai, IdenTrust, and researchers at the University of Michigan are working on setting up a new certificate authority.
“With a launch scheduled for summer 2015, the Let’s Encrypt CA will automatically issue and manage free certificates for any website that needs them. Switching a webserver from HTTP to HTTPS with this CA will be as easy as issuing one command, or clicking one button,” explained Peter Eckersley, technology projects director for the EFF.
“The biggest obstacle to HTTPS deployment has been the complexity, bureaucracy, and cost of the certificates that HTTPS requires,” he pointed out, adding that this is what stopped many site administrators from switching to HTTPS. Let’s Encrypt’s goal is to make the process last less than half a minute.
“Let’s Encrypt will employ a number of new technologies to manage secure automated verification of domains and issuance of certificates,” says Eckersley. “We will use a protocol we’re developing called ACME between web servers and the CA, which includes support for new and stronger forms of domain validation. We will also employ Internet-wide datasets of certificates, such as EFF’s own Decentralized SSL Observatory, the University of Michigan’s scans.io, and Google’s Certificate Transparency logs, to make higher-security decisions about when a certificate is safe to issue.”
The CA will also provide public records about all the certificates it will issue and revoke. Renewal of the certificates is automated.
“Much like the underlying Internet protocols themselves, Let’s Encrypt is a joint effort to benefit the entire community, beyond the control of any one organization,” it has been explained.
Nevertheless, the official overseer of the project is the Internet Security Research Group, a California public benefit corporation, which, along with the rest of the project’s co-founders, will actively be working on setting up the needed architecture in time for the scheduled launch.
The EFF has for a while now been working on helping users take advantage of HTTPS. With the assistance of the The Tor Project, it created the HTTPS Everywhere extension for Firefox, Firefox for Android, Chrome and Opera browsers.
The switch to HTTPS has also been encouraged by Google, as the company announced in August this year that websites using HTTPS will get better Google Search rankings.