I just read about Let's Encrypt[0] on LWN. It looks interesting; in general, I like the idea of more easily provisioned trust. What do the security experts here think about it? Is this something Fedora should be involved with, or discouraging?
Well it sounds like they're doing a certificate authority that will hand out DV (Domain Validated) certificates for free with simplified verification/ease of use. The trick will be getting it into browser root stores, but if Mozilla does it then I suspect others may follow without to much delay.
============= The key principles behind Let’s Encrypt are:
Free: Anyone who owns a domain can get a certificate validated for that domain at zero cost. Automatic: The entire enrollment process for certificates occurs painlessly during the server’s native installation or configuration process, while renewal occurs automatically in the background. Secure: Let’s Encrypt will serve as a platform for implementing modern security techniques and best practices. Transparent: All records of certificate issuance and revocation will be available to anyone who wishes to inspect them. Open: The automated issuance and renewal protocol will be an open standard and as much of the software as possible will be open source. Cooperative: Much like the underlying Internet protocols themselves, Let’s Encrypt is a joint effort to benefit the entire community, beyond the control of any one organization. =============
On 18/11/14 10:19 PM, Pete Travis wrote:
I just read about Let's Encrypt[0] on LWN. It looks interesting; in general, I like the idea of more easily provisioned trust. What do the security experts here think about it? Is this something Fedora should be involved with, or discouraging?
-- security mailing list security@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/security
security@lists.fedoraproject.org