Let’s Encrypt Project Issues Free Encryption Service
Encryption has long been held as one of the most reliable ways to protect data and communication. Last week, Let’s Encrypt, a free, automated, and open-certificate authority (CA) issued its first certificate, marking the start of its beta program.
Let’s Encrypt, run by the ISRG (Internet Security Research Group), and backed by Mozilla, the Electronic Frontier Foundation (EFF), Cisco, and Akamai among others, aims to become a one-stop shop for webmasters looking for free and trusted SSL/TSL (Secure Socket Layer/Transport Layer Security) certificates, which is used to encrypt data passed between a website and a user. Additionally, it offers an automatic certificate acquisition process and uses TLS to maintain server security.
EFF says that right now, the certificate is not cross-signed, meaning that visiting the page over HTTPS will give users an “untrusted” warning unless they install the ISRG root, and it will take about a month to establish the trusted connection across all browsers. They also added that “a cross-signature will be in place before general availability. This will allow certificates from Let’s Encrypt to validate automatically for the vast majority of consumers. Prior to cross-signing, browsers will not accept our certificates as valid unless a user has installed our root as trusted.” The non-profit organization has submitted the root programs to Apple, Google, Mozilla and Microsoft.
Currently, encryption is leveraged in a range of different settings that include those that are used by enterprises and the government, and to protect payment details on e-commerce websites. Early in July, the U.S. government and technology companies were locked in an argument on whether major companies like Google and Apple should allow their users to use strong encryption, which would prevent law enforcement agencies from performing investigations.
In a previous article, we talked about the duality of encryption where in itself, encryption is supposed to be a good thing. However, cybercriminals have also used strong encryption to develop crypto-ransomware variants, which they use to coerce victims to pay a ransom fee, or otherwise lose their data. In a similar way, there will be new risks that come along with advancing more encryption.
With more certificates, cybercriminals are likely to keep up by using more certificates too. In the spirit of the upcoming free certificate service, it is important for users to understand just how powerful encryption could be when it comes to securing personal information and sensitive corporate data.
[READ: How to Set Up Email Encryption]
On October 19, Let’s Encrypt received cross-signatures from IdenTrust, which essentially means that their certificates are now trusted by all major browsers. As a result, visitors to websites using Let’s Encrypt can enjoy a secure browsing experience with no special configuration required.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
- Ransomware Spotlight: Trigona
- Steering Clear of Security Blind Spots: What SOCs Need to Know
- Understanding the Kubernetes Security Triad: Image Scanning, Admission Controllers, and Runtime Security
- Preempting Threats to Connected Cars: The Importance of Cybersecurity in a Data-Driven Automotive Ecosystem
- Your Stolen Data for Sale