Web Site Security Certificates Soon To Be Free and Easy

Browsing the Web could be made a lot more secure if sites used the HTTPS encryption protocol instead of HTTP, but installing the security certificates that enable this has generally been difficult, time-consuming and sometimes costly as well. A new initiative announced Tuesday, though, aims to make a free and easy-to-install alternative available to sites across the Web starting next summer.

The Let's Encrypt initiative is being led by a new California public benefit corporation, the Internet Security Research Group. Among the organizations sponsoring ISRG are Akamai Technologies, Cisco Systems, the Electronic Frontier Foundation, IdenTrust, Mozilla (the company behind the Firefox Web browser) and the University of Michigan.

With the standard HTTP protocol, online communications are unencrypted, which makes it possible for hackers and others to intercept a surfer's username, passwords, browsing history and other information. The HTTPS protocol offers a greater level of protection for such information by encrypting data and verifying the authenticity of the sites that users are providing that data to.

Certificate Setup in '20-30 Seconds'

"It's clear at this point that encrypting is something all of us should be doing," said Josh Aas, ISRG's executive director and senior technology strategist at Mozilla, writing in a blog post announcing the initiative. "Then why don't we use TLS (the successor to SSL) everywhere?"

Up until now, Aas continued, the problem has lain with the challenges involved in obtaining and installing SSL/TLS certificates for Web site encryption. Such certificates often require an upfront fee, and are available through a labyrinthine assortment of certificate authority companies -- such as Symantec, Comodo SSL and GoDaddy -- around the world. Once a certificate is obtained, installation headaches are common.

According to Peter Eckersley, the Electronic Frontier Foundation's technology projects director, "The need to obtain, install and manage certificates from that bureaucracy is the largest...

Comments are closed.

Web Site Security Certificates Soon To Be Free and Easy

Browsing the Web could be made a lot more secure if sites used the HTTPS encryption protocol instead of HTTP, but installing the security certificates that enable this has generally been difficult, time-consuming and sometimes costly as well. A new initiative announced Tuesday, though, aims to make a free and easy-to-install alternative available to sites across the Web starting next summer.

The Let's Encrypt initiative is being led by a new California public benefit corporation, the Internet Security Research Group. Among the organizations sponsoring ISRG are Akamai Technologies, Cisco Systems, the Electronic Frontier Foundation, IdenTrust, Mozilla (the company behind the Firefox Web browser) and the University of Michigan.

With the standard HTTP protocol, online communications are unencrypted, which makes it possible for hackers and others to intercept a surfer's username, passwords, browsing history and other information. The HTTPS protocol offers a greater level of protection for such information by encrypting data and verifying the authenticity of the sites that users are providing that data to.

Certificate Setup in '20-30 Seconds'

"It's clear at this point that encrypting is something all of us should be doing," said Josh Aas, ISRG's executive director and senior technology strategist at Mozilla, writing in a blog post announcing the initiative. "Then why don't we use TLS (the successor to SSL) everywhere?"

Up until now, Aas continued, the problem has lain with the challenges involved in obtaining and installing SSL/TLS certificates for Web site encryption. Such certificates often require an upfront fee, and are available through a labyrinthine assortment of certificate authority companies -- such as Symantec, Comodo SSL and GoDaddy -- around the world. Once a certificate is obtained, installation headaches are common.

According to Peter Eckersley, the Electronic Frontier Foundation's technology projects director, "The need to obtain, install and manage certificates from that bureaucracy is the largest...

Comments are closed.