Led by the Electronic Frontier Foundation, Let's Encrypt wants to make HTTP an oddity within a few years' time
The Electronic Frontier Foundation on Tuesday announced a
certificate authority effort to clear roadblocks in transitioning the
Web from the HTTP protocol to the more secure HTTPS.
The
initiative, called Let's Encrypt, was assembled by EFF along with
Mozilla, Cisco, Akamai, IdenTrust, and researchers at the University of
Michigan, said Peter Eckersley, technology projects director at EFF, in a blog post.
Plans call for launching Let's Encrypt next summer, with the authority
automatically issuing and managing free certificates for any website
needing them.
Eckersly believes
that "if we do our work right, it should only take a few years for HTTP
to become unusual" and for the path to a fully encrypted Internet to be
cleared.
While it currently takes a Web developer one to three
hours to enable encryption for the first time, Let's Encrypt is meant to
reduce the setup time to 20 to 30 seconds.
"Let's Encrypt will
employ a number of new technologies to manage secure automated
verification of domains and issuance of certificates," Eckersley said.
The ACME (Automated Certificate Management Environment) protocol, in
development, includes support for newer forms of domain validation.
Internet-wide data sets of certificates, such as EFF's Decentralized SSL
Observatory, also will be employed, as will Google's Certificate
Transparency logs. The authority is to be operated by a new nonprofit
organization, called Internet Security Research Group.
No comments:
Post a Comment