|Let's Encrypt Now In Public Beta|
|Written by Nikos Vaggalis|
|Thursday, 03 December 2015|
Let's Encrypt is entering Public Beta today and signing up is free. The project is a a joined initiative by the non-profit entity Internet Security Research Group (ISRG) and the Linux Foundation, that aims to make the web a safer place by helping people set up encryption on their websites easily and without the usual hassle.
This help is twofold; it is primarily the distribution of free SSL certificates, and secondarily the use of a simple client utility that makes enabling HTTPS on a Web site as simple as typing:
The certificates are issued by the ISRG, in its capacity as an open certificate authority, and eliminate the tedious and error prone process of creating and issuing self signed certificates.
You need also to be aware that upon entering a site that uses self signed certificates, the browser will warn that since the certificate has not been issued by a root authority, the user must add an exception for accepting it.
If you're curious to see what you'll be 'missing' by letting the letsencrypt Python-based utility automatically configure your Apache and Nginx installations, check those long winded instructions on the process one has to go through for setting up a self signed certificate
Then of course there's the cost of acquiring, keeping and renewing an official certificate, in both bureaucratic and expense terms.
As for the second aspect, bureaucracy, to obtain a certificate from a root authority you have to undergo a strict identification process.
The problem is that a valid HTTPS certificate makes those sites look legit, therefore misleading the user into trusting them. So while this authorization process is the subject of an ongoing committee debate, a first line of defense has been established in that the sites applying for a certificate have to be checked against the Google Safe Browsing API. Hence sites flagged as dubious by Google won't be getting one.
Another issue is what terms of service new subscribers will have to accept when signing up commences today. In advance the closest model we have, is the draft and unfinalized Subscriber Agreement circulating since June 23, 2015.
Its terms, written in a simple language comprehensible by non lawyers, are pretty standard. The "Your Warranties and Responsibilities" section contains the most important terms that the user has to agree to and they seem very reasonable.
All parts of the Let's Encrypt initiative seem great, but what stands out the most is its policy on recognizing:
that encrypting is something all of us should be doing
something that is advocated by the EFF, which is also a sponsor.
It is a common view, especially nowadays, with encryption coming under heavy scrutiny. It is a view that considers encryption as a means to make everyone's life safer by securing their online
So wait no more and grab that certificate. It is free, easy to get, plus you'll be offering your online or otherwise community a service, making it a much safer place to be in.
or email your comment to: firstname.lastname@example.org
|Last Updated ( Thursday, 03 December 2015 )|