Let’s Encrypt, a project aimed at increasing the use of encryption across websites by issuing free digital certificates, is planning to issue the first ones next month. Digital certificates are used to encrypt data traffic between a computer and a server using SSL/TLS (Secure Sockets Layer/Transport Layer Security) and for checking that a website isn’t a spoof.
Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. Let’s Encrypt is a service provided by the Internet Security Research Group (ISRG). Its backers include Mozilla, the Electronic Frontier Foundation, Cisco and Akamai.
The key principles behind Let’s Encrypt are:
Free: Anyone who owns a domain name can use Let’s Encrypt to obtain a trusted certificate at zero cost.
Automatic: Software running on a web server can interact with Let’s Encrypt to painlessly obtain a certificate, securely configure it for use, and automatically take care of renewal.
Secure: Let’s Encrypt will serve as a platform for advancing TLS security best practices, both on the CA side and by helping site operators properly secure their servers.
Transparent: All certificates issued or revoked will be publicly recorded and available for anyone to inspect.
Open: The automatic issuance and renewal protocol will be published as an open standard that others can adopt.
Cooperative: Much like the underlying Internet protocols themselves, Let’s Encrypt is a joint effort to benefit the community, beyond the control of any one organization.
Josh Aas, ISRG’s executive director wrote this in a blog post.
“We will issue the first end entity certificates under our root under tightly controlled circumstances. No cross-signature will be in place yet, so the certificates will not validate unless our root is installed in client software. As we approach general availability we will issue more and more certificates, but only for a pre-approved set of domains. This limited issuance period will give us time to further ensure that our systems are secure, compliant, and scalable.”
“When it’s time for general availability, we will open up our systems to certificate requests for any domain. A cross-signature from IdenTrust will be in place for general availability, so that our certificates will validate automatically for the vast majority of consumers.”
Let’s Encrypt is planning to issue the first SSL/TLS certificates next month.