Free Web Security Certificates Coming Soon - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Cloud // Software as a Service
News
10/21/2015
08:06 AM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Free Web Security Certificates Coming Soon

Let's Encrypt TLS/SSL certificates are now trusted by the major Web browsers. That sets the stage for easier, more affordable online security. Operated by the nonprofit Internet Security Research Group, their aim is to hasten the transition away from the Web's unprotected HTTP protocol to encrypted HTTPS.

9 Ways Technology Is Slowly Killing Us All
9 Ways Technology Is Slowly Killing Us All
(Click image for larger view and slideshow.)

The effort to secure Web traffic from censorship and surveillance has taken another step forward. Let's Encrypt, an initiative to make TLS/SSL certificates freely available to website operators, said on Monday that it has received cross-signatures from IdenTrust. This means its certificates are now trusted by all major Web browsers, and website operators can employ its certificates to ensure that communication between their servers and client software is encrypted.

Let's Encrypt is a certificate authority formed last year by the Electronic Frontier Foundation in conjunction with Akamai, Cisco, Mozilla, IdenTrust, and researchers from the University of Michigan. Operated by the nonprofit Internet Security Research Group, its aim is to hasten the transition away from the Web's unprotected HTTP protocol to encrypted HTTPS.

HTTPS doesn't promise impenetrable security for Web users. It doesn't protect against fake TLS/SSL certificates or flaws in TLS client software, for example. But it is substantially more secure than HTTP, which leaves online traffic exposed.

(Image: Let's Encrypt)

(Image: Let's Encrypt)

The 2013 revelations about the scope of government surveillance, based on the documents leaked by former NSA contractor Edward Snowden, galvanized the Internet community and businesses to seek ways to protect online communication from mass surveillance, as well as from security risks such as account hijacking.

[Is your business looking in the right places for products and services? Read 10 Government Innovations Your Business Can Use.]

Efforts to make online communication more secure extend beyond the Web. Cloud computing companies in the US have been pushing back against government surveillance and have been expanding overseas data center operations to assure customers abroad that their information is secure. Both Apple and Google, as the makers of the two dominant mobile operating systems, have implemented device encryption as a default.

(Image: ConstantinosZ/iStockphoto)

(Image: ConstantinosZ/iStockphoto)

Such security poses a problem for authorities, who fail to recognize that information cannot be simultaneously accessible on-demand and secure. In one recent case that illustrates this tension, the US Department of Justice is trying to compel Apple to help it access the information in a seized iPhone, a demand that the American Civil Liberties Union argues is unconstitutional. Apple does not want to be required to inform on its customers, and in some instances it claims to be technically unable to provide such assistance.

This litigation is taking place amid an unresolved national debate about whether the government can or should require that technology companies provide a "backdoor" to expose encrypted data, even as serious breaches of government systems and ongoing allegations of government-sponsored hacking underscore the need for stronger security.

According to the EFF, the process of acquiring a TLS/SSL certificate has been hampered by bureaucracy, complexity, and cost. Let's Encrypt aims to take the process of enabling website encryption from one to three hours down to about 20 to 30 seconds -- and it plans to do so at no charge. While certificates can be obtained for little or nothing from a few service providers, some Web hosting companies charge $100 per year or more.

Beyond security, implementing HTTPS may help a website rank better in Google Search.

Let's Encrypt expects to begin issuing free TLS/SSL certificates in November.

Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful ... View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
shamika
50%
50%
shamika,
User Rank: Ninja
10/29/2015 | 12:33:44 PM
Re: positive change
The best thing it's free, open and automated. People will be eager to grab it.
shamika
50%
50%
shamika,
User Rank: Ninja
10/29/2015 | 12:14:56 PM
Re: Very interesting
@teamelectric12 I agree with you. It is important to have these technologies in order to protect the web from vulnerabilities.
soozyg
50%
50%
soozyg,
User Rank: Ninja
10/21/2015 | 8:03:19 PM
positive change
I think this is a great move. Because the potential risks of unencrypted sites can have huge impacts on multiple computers and networks.
teamelectric12
50%
50%
teamelectric12,
User Rank: Apprentice
10/21/2015 | 4:58:48 PM
Very interesting
It is nice to see free web security certificates coming. Hoepfully this can make the web a slightly safer place. 
Slideshows
What Digital Transformation Is (And Isn't)
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/4/2019
Commentary
Watch Out for New Barriers to Faster Software Development
Lisa Morgan, Freelance Writer,  12/3/2019
Commentary
If DevOps Is So Awesome, Why Is Your Initiative Failing?
Guest Commentary, Guest Commentary,  12/2/2019
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
The Cloud Gets Ready for the 20's
This IT Trend Report explores how cloud computing is being shaped for the next phase in its maturation. It will help enterprise IT decision makers and business leaders understand some of the key trends reflected emerging cloud concepts and technologies, and in enterprise cloud usage patterns. Get it today!
Slideshows
Flash Poll