Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

EFF, Mozilla back new certificate authority that will offer free SSL certificates

Lucian Constantin | Nov. 19, 2014
The new CA is called Let's Encrypt and its goal is to encourage the widespread adoption of SSL/TLS on the Internet.

Other sponsors of the project include Cisco Systems and Akamai Technologies. Some researchers from the University of Michigan are also involved. Aas expects that more people and organizations will offer their support in the future.

"Over time, we're going to measure our success by two things: the spread of TLS usage and a shift in users' attitude about encryption," Aas said. "We'd like to get to a point where users expect and demand that all websites they visit are encrypted, not just their banks."

This is part of a larger effort to encrypt all forms of online communications that security and privacy experts have called for following revelations of bulk Internet surveillance by intelligence agencies like the U.S. National Security Agency or the U.K.'s Government Communications Headquarters.

The IETF has already started work on developing TLS deployment guidelines for various communication protocols. Cryptography and security expert Bruce Schneier, who had access to the cache of secret documents leaked by former NSA contractor Edward Snowden, said last year that the goal of the technical community should be to make eavesdropping expensive through the widespread use of encryption, which would force the NSA to abandon the wholesale collection of data in favor of targeted collection.

This year Google modified its search ranking algorithms to favor HTTPS (HTTP Secure) websites in a move aimed at encouraging webmasters to implement TLS encryption on their sites.

The growing adoption of TLS might create an incentive for attackers to increasingly target the private keys associated with digital certificates. However, this is a larger issue that will require work from the whole industry to combat, Aas said.

There are plans for Let's Encrypt to join the CA/B Forum, an association of browser vendors and certificate authorities that develops guidelines and best practices for the issuance, revocation and management of TLS and code signing certificates.

 

Previous Page  1  2 

Sign up for Computerworld eNewsletters.