Tag Archive for encryption

From http to https: New certificate authority for secure Web coming next year

Posted on November 19, 2014 by

letsencrypt

In a few months, there shall be a new certificate authority (CA) called ‘Let’s Encrypt’ that aims to clear the remaining roadblocks to the transition of Websites from http to https.

The  initiative is by the non-profit, Electronic Frontier Foundation (EFF). For this, the institution has got Mozilla, Cisco, Akamai, IdenTrust, & researchers at the University of Michigan together.

The announcement on the EFF Website explains the whole process. It says: Although the HTTP protocol has been hugely successful, it is inherently insecure. Whenever you use an HTTP Website, you are always vulnerable to problems, including account hijacking and identity theft. The HTTPS protocol, though it is not yet flawless, is a vast improvement on all of these fronts, and we need to move to a future where every Website is HTTPS by default.

The new CA will be launched in the summer of 2015. The Let’s Encrypt CA will automatically issue & manage free certificates for any Website that needs them. Switching a Web server from http to https with this CA will be as easy as issuing one command, or clicking one button.

EFF has expalined that the “biggest obstacle to https deployment” has been the complexity, bureaucracy, & cost of the certificates that was required.

“The need to obtain, install, and manage certificates from that bureaucracy is the largest reason that sites keep using HTTP instead of HTTPS. In our tests, it typically takes a web developer 1-3 hours to enable encryption for the first time,”says the announcement.

The Let’s Encrypt project will reduce setup time to 20-30 seconds. It will employ a number of new technologies to manage secure automated verification of domains & issuance of certificates. A protocol it is developing called ACME between Web servers & the CA, shall be deployed.

Image Credit: EFF

Advertising Message

Comments Off on From http to https: New certificate authority for secure Web coming next year Posted in Internet News

True email encryption: Scryptmail shall show the way

Posted on November 15, 2014 by

emailencryptiongraphic

In recent months, we at What’s New On The Net have featured or profiled scores of new email services that promise high levels of encryption.

One of our readers, Sergei Krutov contacted us to inform us that many of such services lack server side encryption. Sergei claims to have conducted deep research on email encryption & found many false claims being made by many an email service startup.

He drew the attention of our startup profilers to his blog post wherein he wrote:

Or another point of view, the concept of Server-Side Encryption (SSE) is a totally misunderstood by the public. For example, it simply encrypting the e-mail message before it is transmitted from the server to the recipient.

But obviously, the E-Mail Service provider can easily read your message, words: “We encrypt your message on the server”, should translates into: “ We can read your email in clear text, but believe us, we are the good guys, so won’t do that. We will encrypt your message and destroy the original. So no one, and we repeat no one can read you email except specified recipient.”

sergeiSergei himself is on the verge of beta launching an email service called Scryptmail, so we invited him to explain how his email service would be better than the others on the privacy front. In keeping with our suggestion,Sergei wrote a fresh post in which, besides talking of the launch of Scryptmail, he has explained the difference.

Here’s what he says:

Scryptmail is a brand new email service which offers to you a key benefit known as ‘Frontend Encryption’ (to get more background on this new feature, read here) In giving, the customer, the best service possible, we have followed the best PGP protocol standards for public key exchange. In addition, we have adopted open source javascript libraries to make user side encryption for email communication into a seamless process.

If PGP standards were to be more widely adopted, we would always be contributing more to it, in order to make it more private and secured.

At Scryptmail, we take the firm belief that the concepts of privacy and confidentiality simply cannot be outsourced to a third country.

….in saying all this, we are constantly improving our service to make it better, faster, and more reliable, so you can use Scryptmail for your everyday needs. Before we open our limited registration on November 18th, we encourage you to request an invitation, so you can be amongst the first group of people to test drive our Beta version of Scryptmail.

After this period of Beta testing is over, we will keep inviting more people to use our services, so that we can expand our server load accordingly efficiently and effectively, and also eliminate software bugs as quickly as possible.

If you want to catch up with Sergei’s post, click here.

Editor: We would be happy if our readers join in this conversation on email encryption, or even give some more suggestions, in order to better Online privacy.

Graphic: Pixteller
Image Credit: Sergei Krutov

Advertising Message

Comments Off on True email encryption: Scryptmail shall show the way Posted in Digital World News, Internet News
« Older Entries