EFF Certificate Authority - Free SSLs! - Lets Encrypt

[Steven F]

https://www.eff.org/press/releases/new-free-certificate-authority-dramatically-increase-encrypted-internet-traffic

 

https://letsencrypt.org/

 

They're releasing their own certificate authority that will allow for free SSLs. What do you all think? I'm looking forward to it. I hope they release "premium" SSLs (like EV), which would be a great way to support the EFF and get an SSL.

 

[MannDude]

Good for them. As long as they're recognized by browsers, it'll be great.

 

[splitice]

I strongly approve.

 

[mojeda]

Awesome.

 

[k0nsl]

/me lieks  :wub: 

 

[HalfEatenPie]

I wonder what the other CAs would do (the ones that make you pay). Maybe have better encryption algo? Or maybe focus more on background-checks and make sure they're able to provide detail on who they are via the cert?

I don't know...

 

[yomero]

Good for them. As long as they're recognized by browsers, it'll be great.

Yep, but personally I don't think that will happen anytime soon. Mozilla, ok, chrome, maybe? IE??? Hmmm... (Hint: cacert).

 

[splitice]

I don't see a problem with it being accepted. Its probably the primary reason for the 2015 release (technically its not complex to run a C.A).

The main risk I see is easy access to certificates for impersonation but I am sure they work around this through stringent validation of authorized domains (e.g restriction to domain contacts).

 

[sv01]

let's hope they don't ended like affirmtrust.com, never launching to public

 

[comXyz]

I still use StartSSL for my small websites. For me it's good enough.

Sure I will check it out when it releases to public ^_^

 

[raindog308]

https://www.eff.org/press/releases/new-free-certificate-authority-dramatically-increase-encrypted-internet-traffic

https://letsencrypt.org/


They're releasing their own certificate authority that will allow for free SSLs. What do you all think? I'm looking forward to it. I hope they release "premium" SSLs (like EV), which would be a great way to support the EFF and get an SSL.

Even a "normal" cert with an optional donation.


Yes, I'd pay $5 or $10 to get my SSL from EFF as opposed to a commercial vendor.

 

[drmike]

https://www.eff.org/press/releases/new-free-certificate-authority-dramatically-increase-encrypted-internet-traffic

 

https://letsencrypt.org/

 

They're releasing their own certificate authority that will allow for free SSLs. What do you all think? I'm looking forward to it. I hope they release "premium" SSLs (like EV), which would be a great way to support the EFF and get an SSL.

Awesome! Please bring it to market.

And thank you @Steven F for posting about this.

 

[switsys]

Nice with another free CA.

Let's see if this one carries more weight than the former one.

 

[Abdussamad]

I wonder what the other CAs would do (the ones that make you pay). Maybe have better encryption algo? Or maybe focus more on background-checks and make sure they're able to provide detail on who they are via the cert?


I don't know...

They're partnering with an existing CA from the old guard so there must be some plan. According to this article they are trying to make it easier to get and install a cert. If you have root access to your server you run their script and it acquires the cert and does the server configuration for you. But most people are on shared hosting where they don't have root access so how will they get a free cert? Perhaps they can't and that is how identrust keeps its market for commercial certs.

 

[lbft]

The commercial vendors can offer a couple of things that a free cert can't:

• Those dumb little logos you can put on your site, that when clicked on give assurance that the site can be trusted and mention an impressively large sounding insurance policy that has never paid out in the history of the universe. Customers of e-commerce sites love them even though they don't mean anything.
• EV certs: nobody is going to give away EV certs for free. As more sites have regular certs (and browser chrome gives EV certs more emphasis) there'll be a shift towards EV certs which are a lot more profitable.

 

[Wild1145]

It would be good if everyone was using https, just as peace of mind for those that are not as internet savvy, but in all fairness, Cloudflare offers a secure connection now between the client and cloudflare, and thats enough for some people. 

 

[fixidixi]

"you run their script and it acquires the cert and does the server configuration for you"

well aint gona happen.

@max: it'll grab the cert and download it to the vps, then. well stops as im going to use that cert as i see fit .

 

[splitice]

Its an open protocol for requesting certificates. Its quite nice actually, currently working on a PHP client.

 

[TurnkeyInternet]

This would be a great thing if it makes to market and is compatible - I think automation is the key, globalsign with its 1-click for instance saves so much time its worth paying for over 'free' if you are the hosting company.   But its hard to argue with free!

 

[fixidixi]

My question is how are they going to handle verification:

a) if its a pain in the *swearword* then well its still not that easy to get

b) then all sorts of idiots are going to misuse it..

well...