A project that aims to increase the use of encryption by giving away free SSL/TLS certificates has issued its first one, marking the start of its beta program.
The project, called Let’s Encrypt, is run by the Internet Security Research Group (ISRG) and backed by Mozilla, the Electronic Frontier Foundation (EFF), Cisco and Akamai, among others.
Let’s Encrypt plans to distribute free SSL/TLS (Secure Socket Layer/Transport Layer Security) certificates, which encrypt data passed between a website and users. The use of SSL/TLS is signified in most browsers by “https” and a padlock appearing in the URL bar.
Unencrypted web traffic poses a security risk. For example, an attacker could collect the web traffic of someone using a public Wi-Fi hotspot, potentially revealing sensitive data.
Selling SSL/TLS certificates is a big business; the certificates often aren’t cheap and they expire after a certain time. The cost puts off some website owners from using encryption, particularly for less-trafficked sites.
Let’s Encrypt aims to “revolutionize encryption on websites, making https implementation a seamless, no-cost option for anyone with a domain,” wrote Rainey Reitman, the EFF’s activism director.
The organization’s first certificate is for one of its own domains, effectively a test run showing that the system works. It will begin issuing certificates to domains participating in its beta program, and then to more websites, in the next couple of months, wrote Josh Aas, ISRG’s executive director, in a blog post.
For the first certificate to appear valid, users will have to install an ISRG root certificate in their browser or other client software. That’s a temporary issue, as ISRG’s root certificate will be cross-signed in about a month by IdenTrust, a Certificate Authority that is one of Let’s Encrypt’s primary sponsors.
Once that is in place, ISRG’s certificates will be recognized as valid by nearly all browsers.
Major technology companies including Google, Yahoo and Facebook have made a strong push for broader using of encryption in light of government surveillance programs and burgeoning cybercrime.