[b]Launching in 2015: A Certificate Authority to Encrypt the Entire Web[/b]
Today EFF is pleased to announce Let’s Encrypt, a new certificate authority (CA) initiative that we have put together with Mozilla, Cisco, Akamai, IdenTrust, and researchers at the University of Michigan that aims to clear the remaining roadblocks to transition the Web from HTTP to HTTPS.
Although the HTTP protocol has been hugely successful, it is inherently insecure. Whenever you use an HTTP website, you are always vulnerable to problems, including account hijacking and identity theft; surveillance and tracking by governments, companies, and both in concert; injection of malicious scripts into pages; and censorship that targets specific keywords or specific pages on sites. The HTTPS protocol, though it is not yet flawless, is a vast improvement on all of these fronts, and we need to move to a future where every website is HTTPS by default.With a launch scheduled for summer 2015, the Let’s Encrypt CA will automatically issue and manage free certificates for any website that needs them. Switching a webserver from HTTP to HTTPS with this CA will be as easy as issuing one command, or clicking one button.
So this seems to be a future Certificate Authority that will issue free certificates in an easy manner, now what I would want to discuss is how this will affect Comodo, if I remember correctly, CIS is free largely because of Comodos income from being a Certificate Authority and selling certificates, Could “Let’s Encrypt” potentially threaten that income and by extension would that result in CIS no longer being free?
Personally I’m in favor of a free an easy way to get a certificate, but at the same time the main reason I’m using CIS for is because it’s free, I don’t know if I would stick by it if it became a paid product, but that’s just me.
What do you people think?
And Melih, do you see this as a potential threat to your income from being a CA and if so do you think it would potentially mean CIS would transfer into being a paid product only? Also do you think this is a positive development in order to create better security on the internet?