In a few months, there shall be a new certificate authority (CA) called ‘Let’s Encrypt’ that aims to clear the remaining roadblocks to the transition of Websites from http to https.
The initiative is by the non-profit, Electronic Frontier Foundation (EFF). For this, the institution has got Mozilla, Cisco, Akamai, IdenTrust, & researchers at the University of Michigan together.
The announcement on the EFF Website explains the whole process. It says: Although the HTTP protocol has been hugely successful, it is inherently insecure. Whenever you use an HTTP Website, you are always vulnerable to problems, including account hijacking and identity theft. The HTTPS protocol, though it is not yet flawless, is a vast improvement on all of these fronts, and we need to move to a future where every Website is HTTPS by default.
The new CA will be launched in the summer of 2015. The Let’s Encrypt CA will automatically issue & manage free certificates for any Website that needs them. Switching a Web server from http to https with this CA will be as easy as issuing one command, or clicking one button.
EFF has expalined that the “biggest obstacle to https deployment” has been the complexity, bureaucracy, & cost of the certificates that was required.
“The need to obtain, install, and manage certificates from that bureaucracy is the largest reason that sites keep using HTTP instead of HTTPS. In our tests, it typically takes a web developer 1-3 hours to enable encryption for the first time,”says the announcement.
The Let’s Encrypt project will reduce setup time to 20-30 seconds. It will employ a number of new technologies to manage secure automated verification of domains & issuance of certificates. A protocol it is developing called ACME between Web servers & the CA, shall be deployed.
Image Credit: EFF
Advertising Message