amuck-landowner

EFF Certificate Authority - Free SSLs! - Lets Encrypt

HalfEatenPie

The Irrational One
Retired Staff
I wonder what the other CAs would do (the ones that make you pay). Maybe have better encryption algo? Or maybe focus more on background-checks and make sure they're able to provide detail on who they are via the cert?

I don't know...
 

splitice

Just a little bit crazy...
Verified Provider
I don't see a problem with it being accepted. Its probably the primary reason for the 2015 release (technically its not complex to run a C.A).

The main risk I see is easy access to certificates for impersonation but I am sure they work around this through stringent validation of authorized domains (e.g restriction to domain contacts).
 

comXyz

New Member
I still use StartSSL for my small websites. For me it's good enough.

Sure I will check it out when it releases to public ^_^
 

raindog308

vpsBoard Premium Member
Moderator
https://www.eff.org/press/releases/new-free-certificate-authority-dramatically-increase-encrypted-internet-traffic

https://letsencrypt.org/


They're releasing their own certificate authority that will allow for free SSLs. What do you all think? I'm looking forward to it. I hope they release "premium" SSLs (like EV), which would be a great way to support the EFF and get an SSL. :D

Even a "normal" cert with an optional donation.


Yes, I'd pay $5 or $10 to get my SSL from EFF as opposed to a commercial vendor.
 
Last edited by a moderator:

drmike

100% Tier-1 Gogent
https://www.eff.org/press/releases/new-free-certificate-authority-dramatically-increase-encrypted-internet-traffic

 

https://letsencrypt.org/

 

They're releasing their own certificate authority that will allow for free SSLs. What do you all think? I'm looking forward to it. I hope they release "premium" SSLs (like EV), which would be a great way to support the EFF and get an SSL. :D
Awesome! Please bring it to market.

And thank you @Steven F for posting about this.
 

Abdussamad

New Member
I wonder what the other CAs would do (the ones that make you pay). Maybe have better encryption algo? Or maybe focus more on background-checks and make sure they're able to provide detail on who they are via the cert?


I don't know...
They're partnering with an existing CA from the old guard so there must be some plan. According to this article they are trying to make it easier to get and install a cert. If you have root access to your server you run their script and it acquires the cert and does the server configuration for you. But most people are on shared hosting where they don't have root access so how will they get a free cert? Perhaps they can't and that is how identrust keeps its market for commercial certs.
 
Last edited by a moderator:

lbft

New Member
The commercial vendors can offer a couple of things that a free cert can't:

  • Those dumb little logos you can put on your site, that when clicked on give assurance that the site can be trusted and mention an impressively large sounding insurance policy that has never paid out in the history of the universe. Customers of e-commerce sites love them even though they don't mean anything.
  • EV certs: nobody is going to give away EV certs for free. As more sites have regular certs (and browser chrome gives EV certs more emphasis) there'll be a shift towards EV certs which are a lot more profitable.
 

Wild1145

New Member
It would be good if everyone was using https, just as peace of mind for those that are not as internet savvy, but in all fairness, Cloudflare offers a secure connection now between the client and cloudflare, and thats enough for some people. 
 

fixidixi

Active Member
"you run their script and it acquires the cert and does the server configuration for you"

well aint gona happen.

@max: it'll grab the cert and download it to the vps, then. well stops as im going to use that cert as i see fit :D.
 

splitice

Just a little bit crazy...
Verified Provider
Its an open protocol for requesting certificates. Its quite nice actually, currently working on a PHP client.
 

TurnkeyInternet

Active Member
Verified Provider
This would be a great thing if it makes to market and is compatible - I think automation is the key, globalsign with its 1-click for instance saves so much time its worth paying for over 'free' if you are the hosting company.   But its hard to argue with free!
 

fixidixi

Active Member
My question is how are they going to handle verification:

a) if its a pain in the *swearword* then well its still not that easy to get

b) then all sorts of idiots are going to misuse it..

well... :)
 
Top
amuck-landowner