Today, personal and business information is exchanged online every day. We don't always know what actually happens to our data, who might be able to read it or how it finds its way to its destination. It should actually be completely normal for all of us to encrypt our sensitive or less sensitive data online. So why do we use TLS ( successor of the conventional SSL ) not simply everywhere? Every browser on every device supports it. Every server in every data center supports it. Why don't we just flip the switch?
Well, the problem, or rather the challenge, is the required server certificates. The basis of every TLS-protected communication is a public-key certificate. This key certificate declares that the server you are "talking" to is actually the server you wanted to talk to. For many server administrators, even obtaining a simple server certificate is a huge effort that is better avoided. The application process seems confusing. It also usually costs money. It's complicated to install. And updates are a pain.
This is exactly where Let's Encrypt comes in. Firstly, it is free and aims to enable anyone to install a simple server certificate for their domains with just one click. In other words, an automated solution.
A number of high-profile partners have joined forces to develop the necessary software and provide the infrastructure. Together, Mozilla Corporation, Cisco Systems, Inc, Akamai Technologies, Electronic Frontier Foundation, IdenTrust, Inc, and a research team at the University of Michigan through the Internet Security Research Group ("ISRG") are working to deliver this much-needed infrastructure. The ISRG welcomes any organization that shares the dedication to this ideal: ubiquitous, freely available Internet security.
On the Let's Encrypt website, the creators explain their basic principles as follows:
- Free of charge: Every domain owner can obtain a certificate that is validated for this domain at a free rate.
- Automated: The complete registration process for certificates should be carried out smoothly during the native server installation or configuration. Renewals take place automatically in the background.
- Safe: Let's Encrypt will serve as a platform for the implementation of modern security technologies.
- Transparent: All records of certificate issues and revocations are accessible to anyone interested.
- Freely available: The automated protocol for issuance and renewal will be a freely available standard, as will as much of the code of the software used as possible be open source.
Anyone who wants to become part of this initiative and make "TLS for All" a reality can contact the people responsible via the following links:
Sponsor contact: ISRG
Developer contact: Help build Let's Encrypt
Further information on the organization can be found → here!
In addition, there is already a lively communitywhich actively exchanges information and discusses open questions in the forum provided: for example Wildcard certificate support - yes or no? or Support for ipv6? and many more.
In any case, it is a very interesting alternative to conventional, sometimes very expensive SSL certificates, which have to be renewed and installed manually and are therefore a lot of work.
Update 2020
Let's Encrypt is now implemented as standard by almost all hosting providers. A few still refuse to give up the source of income from SSL certificates. These include Domain Factory and Host Europe, for example.
Info links: How exactly does it work?
0 Comments