Tuesday 8 December 2015

Let’s Encrypt: Free, Automated and Open

Let's Encrypt, encryption, HTTPS, Internet Security Research Group, ISRG, Josh Aas
[Source: Let's Encrypt]
It’s a Christmas miracle: Let’s Encrypt has entered public beta, making free HTTPS certificates readily available to all.

‘HTTPS’, usually accompanied by a padlock, are the five letters preceding a website URL that tell you all data sent between your browser and the website will be encrypted, making it safe for you to enter your password, credit card information or anonymous comment. Without Hyper Text Transfer Protocol Secure, your information could easily be compromised by anyone interested in taking it.

As Jacob Hoffman-Andrews of the Electronic Frontier Foundation recently reminded readers, “A huge percentage of the world’s daily Internet usage currently takes place over unencrypted HTTP, exposing people to illegal surveillance and injection of unwanted ads, malware, and tracking headers into the websites they visit.”

When reached for comment, Internet Security Research Group (ISRG) Executive Director Josh Aas reported, “I’m not 100% sure what the future holds, but demand for Let’s Encrypt’s services seems to be strong. Ultimately what we care about most is seeing two numbers go up: 1) the percentage of sites using HTTPS and 2) the percentage of encrypted traffic on the Web. We want those numbers as close to 100% as possible. That’s the next big step for the Web to take in terms of privacy and security.”

Let’s Encrypt, a joint project stemming from ISRG, was born in 2012 when Aas and then-Mozilla coworker Eric Rescorla concluded that the best way to increase transport layer security (TLS) usage on the Internet would be to provide a free and fully automated certificate authority. Three years later, Let’s Encrypt has issued more than 26,000 invite-only HTTPS certificates, a number that will only grow exponentially now that the service is accessible to all.

Anyone who owns a domain name is welcome to obtain a Let’s Encrypt certificate; for information regarding installation or renewal, go to https://letsencrypt.org/howitworks/. In keeping with an open internet, Let’s Encrypt is a transparent, cooperative effort that makes publicly available all issued and revoked certificates, publishes open standard protocols for adoption and is overseen by independent experts and those from supporting organizations alike. Although still in beta, Let’s Encrypt is committed to closely monitoring user feedback and quickly making improvements.

Here’s to an encrypted 2016!

Want to know more about the encryption debate? Read on! 
SumRando Cybersecurity is a South Africa-based VPN, Web Proxy and Secure Messenger provider. Surf secure and stay Rando!

No comments:

Post a Comment