After much work in background and previous update covered here at soylentnews, the guys over at Let's Encrypt have finally given a launch schedule:
Let’s Encrypt has reached a point where we’re ready to announce our launch schedule.
- First certificate: Week of July 27, 2015
- General availability: Week of September 14, 2015
While this is a bit off from the original mid-2015 launch date, it's a great start towards encrypted web communications.
(Score: 5, Insightful) by bradley13 on Thursday June 18 2015, @11:19AM
More encryption - good.
Dead simple installation procedure - excellent.
No more paying ridiculous fees to CAs who do nothing to earn them - icing on the cake.
Everyone is somebody else's weirdo.
(Score: 2) by mtrycz on Thursday June 18 2015, @11:37AM
Love it.
In capitalist America, ads view YOU!
(Score: 5, Insightful) by c0lo on Thursday June 18 2015, @11:50AM
Still a centralized authority to govern your use of encryption? (authority governed by the laws of US and subject to FISA courts?)
A style of encryption which doesn't protect your anonymity (even if it protects your messages)?
Not saying this is not a progress, but surely we should be able to do better.
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 2) by bradley13 on Thursday June 18 2015, @01:04PM
Yes, certainly, the whole system needs overhauled. A CA should only have the authority to issue a limited set of certificates. Self-signed certs should not be treated like they have leprosy. Etc, etc. Certificate pinning should be semi-automatic, so that you get a warning if a cert changes unexpectedly. And so on...
However, as you say, this is one step in the right direction. Hopefully, others will follow.
Everyone is somebody else's weirdo.
(Score: 2) by ticho on Thursday June 18 2015, @01:08PM
I'm not sure they will. From what I read around the Internet, too many people are looking forward to this service as to an ultimate panacea that will make unicorns and rainbows. My guess is that people will get placated by it for a while, and maybe only after a while, something more starts happening.
(Score: 2) by gnuman on Thursday June 18 2015, @04:25PM
Did IT embrace IPSec? No. Then they have problems with internal security.
Did IT embrace DNSSEC? No again! Then they complain that "CA" model is too centralized, but they completely ignored TLS-DANE, which 100% depends on DNSSEC.
What IT embraces is lazy, and then bitching that something is not perfect enough.
Let's Encrypt is just an attempt to take out the bread-and-butter of CA cartel, the domain-control certificates. Sure, there is at least one CA that issued free domain control certs, but only 1 per domain, and revocation is not possible without a fee (StartSSL out of Israel). Fortunately, Let's Encrypt maybe lazy enough for most IT to implement. Then again, I don't expect majority of current TLS cert users to switch to Let's Encrypt.
(Score: 2) by NCommander on Friday June 19 2015, @12:10AM
At least for websites, HTTP Public Key Pinning mitigates most of the issue. The CA becomes responsible for securing the first connection, and after that, only the key set by the pins will be accepted.
Still always moving
(Score: 2) by Thexalon on Thursday June 18 2015, @03:22PM
That to me is the best part of the whole deal - sure, the technology is good, but basic certificate installation wasn't all that hard before, the hard part was shelling out cold hard cash to a useless middleman for no good reason.
The only thing that stops a bad guy with a compiler is a good guy with a compiler.