The Electronic Frontier Foundation (EFF) just launched an initiative called “Let’s Encrypt”. The point of the initiative is to make the adoption of HTTPS a quicker and easier process, ultimately providing for a more secure internet. The announcement was made on the EFF’s blog yesterday about the goal and their current progress.
Mozilla, Cisco, Akamai, IdenTrust, and researchers at the University of Michigan are all involved in Let’s Encrypt. Currently the EFF estimates that it takes an inexperienced web developer 1-3 hours to enable web encryption for the first time – their hope is to shorten that time considerably. The goal, according to their blog, is
“… aiming to fix that by reducing setup time to 20-30 seconds.”
Http is widely used over the more secure https due to its simplicity, but the potential security cost is enormous. The EFF is aware of the challenges of implementing https globally in its current state, saying
“The biggest obstacle to HTTPS deployment has been the complexity, bureaucracy, and cost of the certificates that HTTPS requires.”
Being able to reduce the time to their advertised 20-30 seconds could be the improvement needed to make https much more widely adopted. How exactly do they plan to do it, however? They claim that the plan is to use current and still-developing technologies to streamline the process, such as the ACME protocol, the EFF’s Decentralized SSL Observatory, the University of Michigan’s Scans.io, and finally, Google’s Certificate Transparency logs. All of these will be used simultaneously to decide if a security certificate is safe enough or not.
The EFF has released a demo video explaining and showing off the current state of Let’s Encrypt. The plan is to have a roll-out by summer of 2015. To help the Let’s Encrypt project move forward, go test it and break it!