Free Web Security Certificates Coming Soon - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud // Software as a Service
08:06 AM
Connect Directly

Free Web Security Certificates Coming Soon

Let's Encrypt TLS/SSL certificates are now trusted by the major Web browsers. That sets the stage for easier, more affordable online security. Operated by the nonprofit Internet Security Research Group, their aim is to hasten the transition away from the Web's unprotected HTTP protocol to encrypted HTTPS.

9 Ways Technology Is Slowly Killing Us All
9 Ways Technology Is Slowly Killing Us All
(Click image for larger view and slideshow.)

The effort to secure Web traffic from censorship and surveillance has taken another step forward. Let's Encrypt, an initiative to make TLS/SSL certificates freely available to website operators, said on Monday that it has received cross-signatures from IdenTrust. This means its certificates are now trusted by all major Web browsers, and website operators can employ its certificates to ensure that communication between their servers and client software is encrypted.

Let's Encrypt is a certificate authority formed last year by the Electronic Frontier Foundation in conjunction with Akamai, Cisco, Mozilla, IdenTrust, and researchers from the University of Michigan. Operated by the nonprofit Internet Security Research Group, its aim is to hasten the transition away from the Web's unprotected HTTP protocol to encrypted HTTPS.

HTTPS doesn't promise impenetrable security for Web users. It doesn't protect against fake TLS/SSL certificates or flaws in TLS client software, for example. But it is substantially more secure than HTTP, which leaves online traffic exposed.

(Image: Let's Encrypt)

(Image: Let's Encrypt)

The 2013 revelations about the scope of government surveillance, based on the documents leaked by former NSA contractor Edward Snowden, galvanized the Internet community and businesses to seek ways to protect online communication from mass surveillance, as well as from security risks such as account hijacking.

[Is your business looking in the right places for products and services? Read 10 Government Innovations Your Business Can Use.]

Efforts to make online communication more secure extend beyond the Web. Cloud computing companies in the US have been pushing back against government surveillance and have been expanding overseas data center operations to assure customers abroad that their information is secure. Both Apple and Google, as the makers of the two dominant mobile operating systems, have implemented device encryption as a default.

(Image: ConstantinosZ/iStockphoto)

(Image: ConstantinosZ/iStockphoto)

Such security poses a problem for authorities, who fail to recognize that information cannot be simultaneously accessible on-demand and secure. In one recent case that illustrates this tension, the US Department of Justice is trying to compel Apple to help it access the information in a seized iPhone, a demand that the American Civil Liberties Union argues is unconstitutional. Apple does not want to be required to inform on its customers, and in some instances it claims to be technically unable to provide such assistance.

This litigation is taking place amid an unresolved national debate about whether the government can or should require that technology companies provide a "backdoor" to expose encrypted data, even as serious breaches of government systems and ongoing allegations of government-sponsored hacking underscore the need for stronger security.

According to the EFF, the process of acquiring a TLS/SSL certificate has been hampered by bureaucracy, complexity, and cost. Let's Encrypt aims to take the process of enabling website encryption from one to three hours down to about 20 to 30 seconds -- and it plans to do so at no charge. While certificates can be obtained for little or nothing from a few service providers, some Web hosting companies charge $100 per year or more.

Beyond security, implementing HTTPS may help a website rank better in Google Search.

Let's Encrypt expects to begin issuing free TLS/SSL certificates in November.

Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful ... View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

Remote Work Tops SF, NYC for Most High-Paying Job Openings
Jessica Davis, Senior Editor, Enterprise Apps,  7/20/2021
Blockchain Gets Real Across Industries
Lisa Morgan, Freelance Writer,  7/22/2021
Seeking a Competitive Edge vs. Chasing Savings in the Cloud
Joao-Pierre S. Ruth, Senior Writer,  7/19/2021
White Papers
Register for InformationWeek Newsletters
Current Issue
Monitoring Critical Cloud Workloads Report
In this report, our experts will discuss how to advance your ability to monitor critical workloads as they move about the various cloud platforms in your company.
Flash Poll