Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Let’s Encrypt Aiming to Encrypt the Web

    By
    Sean Michael Kerner
    -
    September 12, 2016
    Share
    Facebook
    Twitter
    Linkedin

      By default, the web is not secure, enabling data to travel in the clear, but that’s a situation that is easily corrected through the use of SSL/TLS. A challenge with implementing Secure Sockets Layer/Transport Layer Security has been the cost to acquire an SSL/TSL certificate from a known Certificate Authority (CA), but that has changed in 2016, thanks to the efforts of Let’s Encrypt.

      Let’s Encrypt is a non-profit effort that that was was announced in November 2014 and became a Linux Foundation Collaborative Project in April 2015. Let’s Encrypt exited its beta period in April 2016 and to date has provided more than 5 million free certificates.

      In a video interview with eWEEK, Josh Aas, executive director of the Internet Security Research Group and leader of Let’s Encrypt, discusses the technology and security considerations behind the initiative.

      All of the code that enables Let’s Encrypt to provide free certificates is open-source. Additionally, Let’s Encrypt uses its own hardware, rather than ephemeral cloud servers in order to provide security. From a resiliency perspective, Let’s Encrypt benefits from the Akamai Content Delivery Network (CDN) to make sure that certificate status checks via OCSP (Online Certificate Status Protocol) are highly available.

      A key enabler for Let’s Encrypt’s ability to scale is the project’s widespread use of automation tools.

      “We have been able to scale really well. It’s not actually resource-intensive in terms of CPUs to run this [Let’s Encrypt]; it’s more resource-intensive in terms of uptime and security,” Aas said.

      One criticism that Let’s Encrypt has faced is that while it is making SSL/TLS certificates freely available to help secure the web, the service can also be abused by those with malicious intent. Aas commented that it’s an unfortunate truth that any technology that is made available for good security purposes could also be used for bad aims.

      “For us to determine who is a phishing site is very difficult, and it’s a really hard problem,” Aas said.

      Aas suggests that individuals report potential phishing sites via Google Safe Browsing, which, he said, is an effective approach to finding and blocking malware sites. Let’s Encrypt should not be in the business of policing websites for content and simply revoking certificates isn’t enough, he added. That said, Let’s Encrypt’s certificates have a 90-day term before needing to be renewed and as such a potentially mis-issued certificate would only have a limited lifespan.

      “Our goal is to get certificates to everyone on the web,” Aas said.

      It’s a mission that Let’s Encrypt is already making some headway toward. Aas noted that when Let’s Encrypt first began issuing certificates in December 2015, approximately 39.5 percent of page loads on the internet were encrypted. By August 2016, the number of encrypted page loads on the internet grew to approximately 46 percent.

      “That’s a lot of data that got secured,” Aas said.

      While Let’s Encrypt certificates are not responsible for the entire gain in encrypted web traffic, Aas is confident that Let’s Encrypt is having an impact. The certificates that Let’s Encrypt is granting are going to organizations that previously did not have SSL/TLS certificates from commercial vendors, he said.

      “Well over 90 percent of the certificates we have issued have gone to people that didn’t have certificates before,” he said.

      Watch the full video with Josh Aas below:

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

      Sean Michael Kerner
      Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.

      MOST POPULAR ARTICLES

      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Applications

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      Applications

      Kyndryl’s Nicolas Sekkaki on Handling AI and...

      James Maguire - November 9, 2022 0
      I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×