
In 2015, Mozilla and EFF will begin issuing free SSL certificates.

No self-signed certificates starting next summer.


Yesterday, the EFF announced the launch of the Let's Encrypt project together with Mozilla, Cisco, Akamai, IdenTrust and the University of Michigan. The call to “let's encrypt” is backed by real action: the new certificate authority will issue free certificates to anyone.

The HTTP protocol has several disadvantages. It provides no protection against eavesdropping by government agencies, Internet service providers, employers and criminals, which makes it possible to monitor users and steal their personal data, including passwords. With a MitM attack, parts of a page can easily be cut out in order to censor it, or malicious code can be injected into the page.

HTTPS encrypts the transmitted data; it is the same HTTP, but carried over a channel encrypted with SSL or TLS. It is far from perfect: only 2 months have passed since the last major SSL vulnerability (POODLE) was published. But even this is much better than nothing.
If we want to significantly improve the security of the Internet, then we should all use encrypted connections to sites. However, the difficulty, the confusion and the monopolistic racketeering of certificate authorities get in the way.

Of course, for certificates to work their validation has to be ensured, which carries some technical costs, but very often the prices are unreasonably high. A warning about a self-signed certificate not only indicates that the administrator did not have $200 per year for a normal SSL certificate; it also means that it is impossible to determine whether the connection is being eavesdropped on or not.

The cost of certificates and the complexity of setting up servers to work with encryption are the main reasons why most sites continue to function only over HTTP. To combat these problems, the Electronic Frontier Foundation, together with a number of companies, is launching the Let's Encrypt project. The launch is scheduled for the summer of 2015.

According to research, even an experienced webmaster typically has to not only buy a certificate but also spend 1 to 3 hours setting up encryption. Let's Encrypt aims to reduce this time to 20-30 seconds. The video below shows a test version of the project's software in action.



Let's Encrypt builds on a number of new technologies for automated domain verification and certificate issuance. A protocol called ACME was developed for communication between a web server and the certificate authority, with support for new and stronger forms of domain name validation.

Nothing is reported about support for wildcard certificates, but nothing prevents you from setting up separate certificates for each subdomain.

The new project will be managed by the non-profit organization Internet Security Research Group (ISRG). Initially, EFF, Mozilla and the University of Michigan took part in the project, while Cisco, Akamai and IdenTrust joined as partners only closer to launch.

A similar project is the free SSL from Cloudflare, which is enabled by default for all of the CDN provider's clients. It has its drawbacks: regardless of whether there is encryption between the three points (server with site, Cloudflare server, user), unencrypted traffic always passes through Cloudflare. In addition, the implementation of free encryption is not supported by a number of older operating systems and browsers.

The free StartSSL certificate authority is mostly a marketing move; the service has a number of limitations, for example, the site cannot be used for financial transactions and e-commerce.

There is also the free CAcert.org service, but its root certificate is not included in most browsers because of the unimaginably expensive audit process and a number of other reasons, so the complex and interesting project structure is practically useless. But the big names of the companies involved in Let's Encrypt and the seriousness of their intentions will probably make it possible to avoid such problems.

Project website: LetsEncrypt.org.

Source: https://habr.com/ru/post/363157/

