Jump to content
Nytro

Launching in 2015: A Certificate Authority to Encrypt the Entire Web

By Nytro, in Stiri securitate

Recommended Posts

Nytro Mentor

Nytro

Posted
Posted

[h=2]Launching in 2015: A Certificate Authority to Encrypt the Entire Web[/h]November 18, 2014 | By Peter Eckersley

Today EFF is pleased to announce Let’s Encrypt, a new certificate authority (CA) initiative that we have put together with Mozilla, Cisco, Akamai, IdenTrust, and researchers at the University of Michigan that aims to clear the remaining roadblocks to transition the Web from HTTP to HTTPS.

Although the HTTP protocol has been hugely successful, it is inherently insecure. Whenever you use an HTTP website, you are always vulnerable to problems, including account hijacking and identity theft; surveillance and tracking by governments, companies, and both in concert; injection of malicious scripts into pages; and censorship that targets specific keywords or specific pages on sites. The HTTPS protocol, though it is not yet flawless, is a vast improvement on all of these fronts, and we need to move to a future where every website is HTTPS by default.With a launch scheduled for summer 2015, the Let’s Encrypt CA will automatically issue and manage free certificates for any website that needs them. Switching a webserver from HTTP to HTTPS with this CA will be as easy as issuing one command, or clicking one button.

The biggest obstacle to HTTPS deployment has been the complexity, bureaucracy, and cost of the certificates that HTTPS requires. We’re all familiar with the warnings and error messages produced by misconfigured certificates. These warnings are a hint that HTTPS (and other uses of TLS/SSL) is dependent on a horrifyingly complex and often structurally dysfunctional bureaucracy for authentication.

no-cert-warning.pngLet's Encrypt will eliminate most kinds of erroneous certificate warnings

The need to obtain, install, and manage certificates from that bureaucracy is the largest reason that sites keep using HTTP instead of HTTPS. In our tests, it typically takes a web developer 1-3 hours to enable encryption for the first time. The Let’s Encrypt project is aiming to fix that by reducing setup time to 20-30 seconds. You can help test and hack on the developer preview of our Let's Encrypt agent software or watch a video of it in action here:

Let’s Encrypt will employ a number of new technologies to manage secure automated verification of domains and issuance of certificates. We will use a protocol we’re developing called ACME between web servers and the CA, which includes support for new and stronger forms of domain validation. We will also employ Internet-wide datasets of certificates, such as EFF’s own Decentralized SSL Observatory, the University of Michigan’s scans.io, and Google's Certificate Transparency logs, to make higher-security decisions about when a certificate is safe to issue.

The Let’s Encrypt CA will be operated by a new non-profit organization called the Internet Security Research Group (ISRG). EFF helped to put together this initiative with Mozilla and the University of Michigan, and it has been joined for launch by partners including Cisco, Akamai, and Identrust.

The core team working on the Let's Encrypt CA and agent software includes James Kasten, Seth Schoen, and Peter Eckersley at EFF; Josh Aas, Richard Barnes, Kevin Dick and Eric Rescorla at Mozilla; Alex Halderman and James Kasten and the University of Michigan.

Sursa: https://www.eff.org/deeplinks/2014/11/certificate-authority-encrypt-entire-web

Ganav Newbie

Ganav

Posted
Posted

Ca si idee este interesant dar am o nelamurire: cine detine cheile? al cui este certificate authority-ul? Ei sustin ca doresc protejarea utilizatorilor de institutii guvernamentale si corporatii insa la sponsori apar CISCO, Akamai, etc. Mai mult, pentru a implementa un astfel de sistem la scara globala sunt necesare fonduri considerabile pe care un grup universitar nu le are.

Cu alte cuvinte, articolul ma face sa cred ca se doreste o forma mai stricta de control asupra traficului pe Internet. Practic, aceasta masura de protectie inlatura toate grupurile "mici" de hacker-i ramanand astfel doar guvernul si corporatiile cu acces asupra acestuia.

em Newbie

em

Posted
Posted

Coaie e?ti nebun?

$ sudo apt-get install lets-encrypt

$ lets-encrypt example.com

Adic? ?stia o s? dea SSL la to?i oamenii f?r? verificarea identit??ii? Mai e ?i moca? Nu îi dau timp de via?? prea mare. O s? îmi iau ?i eu în sfâr?it SSL pentru carder.ro

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...