Friday 5 December 2014

EFF and Mozilla Join Forces- Encrypting the Entire Web and Giving Free HTTPS Certificates


Let's encrypt
The year 2015 will see HTTPS being finally enables in every part of the world, every person will be able to acquire free, and most of all officially approved SSL/TLS certificate for the enabling process. This new service which is also called Let’s Encrypt (a certificate authority (CA)), have been led by EFF (Electronic Frontier Foundation), the University of Michigan, and the Mozilla apart from their major joining partners Akamai and Cisco. This can be considered as one of major offering for the people who actually know the importance of HTTPS, TLS, and SSL. But, if you among you don’t have much knowledge about this, then just go by the word that this is a very big deal.

Importance of HTTPS: 

If you have noticed, every time you try and surf the net, the email url will show HTTPS or HTTP. It is not easy to explain the content and the process by which they work, but the simple difference is in the letter “S”, which primarily means secure. If your browser gives HTTP in the url, then be aware that it becomes easy for any hacker, Verizon or even the NSA to track down and observe as to what you might be doing. With an additional S, you get the security and confidence that you two people are aware about what you are doing; this includes you and your web browser.

TLS or SSL is used by a web browser to enable the HTTPS in your system, which provides a strong encryption. Usually this process of enabling is not hard for any website administrator, as they just need to generate an encryption key that takes less than a few seconds. The major obstacle comes in, when the key needs to be signed by the CA (certificate authority).

At the end it is the job of the certificate authorities to get all these things added up. Certificate authority mainly prevents random numbers of servers to be created by people, who claim to have websites, have their own certifying signature, and claim to be enacting like any big company. In simple, when you see a simple symbol depicting a lock, it clearly indicates that you are fairly visiting the secured website and not some hacking website in another country itself.

It is not easy to get certificates authorized as there are very few authorities around the world and they charge heavy on your pocket. Symantec, VeriSign and Comodo are major names in these authorities. If someone is not able to pay for these, they go by HTTP.

Let’s Encrypt (CA) 

Let’s Encrypt is expected to launch in 2015, which will be providing completely free and authorized certificates to anyone. The complete process is supposed to be completely automated. The service is expected to be free as the signing and renewal process is fully automated.

The corporate world can be expected to create a sense of resistance as using the Https in their system will now allow them to monitor anyone in the organization. As far open web is concerned, this services comes as the biggest boon ever.

No comments:

Post a Comment

Note: only a member of this blog may post a comment.