A Certificate Authority to Encrypt the Entire Web

Mattias Geniar, Tuesday, November 18, 2014

Eff.org today announced A Certificate Authority to Encrypt the Entire Web.

The biggest obstacle to HTTPS deployment has been the complexity, bureaucracy, and cost of the certificates that HTTPS requires.eff.org

Completely agree. Especially the cost, since most certificates are automated end-to-end, are in fact nothing more than a few bits and bytes that require no further follow-up, and are stilled charged at 150$ and more per year.

The need to obtain, install, and manage certificates from that bureaucracy is the largest reason that sites keep using HTTP instead of HTTPS. In our tests, it typically takes a web developer 1-3 hours to enable encryption for the first time. The Let’s Encrypt project is aiming to fix that by reducing setup time to 20-30 seconds.

eff.org

First thoughts: great in theory, disaster in practice? It's still based on CA's that need to be "trusted". I thought we were getting passed this?



Hi! My name is Mattias Geniar. I'm a Support Manager at Nucleus Hosting in Belgium, a general web geek & public speaker. Currently working on DNS Spy & Oh Dear!. Follow me on Twitter as @mattiasgeniar.

Share this post

Did you like this post? Will you help me share it on social media? Thanks!

Comments

Lennie Tuesday, November 18, 2014 at 18:31 - Reply

In theory the solution is DNSSEC/DANE. Deploying it will take time and a reason for the bad up take is because the DNSSEC root keys are in the US and courts in the US can still have courtcases about cTLDs:
http://tech.slashdot.org/story/14/07/31/0046233/countries-dont-own-their-internet-domains-icann-says


Leave a Reply

Your email address will not be published. Required fields are marked *