Well it sounds like they're doing a certificate authority that will hand
out DV (Domain Validated) certificates for free with simplified
verification/ease of use. The trick will be getting it into browser root
stores, but if Mozilla does it then I suspect others may follow without
to much delay.
=============
The key principles behind Let’s Encrypt are:
Free: Anyone who owns a domain can get a certificate validated for that
domain at zero cost.
Automatic: The entire enrollment process for certificates occurs
painlessly during the server’s native installation or configuration
process, while renewal occurs automatically in the background.
Secure: Let’s Encrypt will serve as a platform for implementing modern
security techniques and best practices.
Transparent: All records of certificate issuance and revocation will be
available to anyone who wishes to inspect them.
Open: The automated issuance and renewal protocol will be an open
standard and as much of the software as possible will be open source.
Cooperative: Much like the underlying Internet protocols themselves,
Let’s Encrypt is a joint effort to benefit the entire community, beyond
the control of any one organization.
=============
On 18/11/14 10:19 PM, Pete Travis wrote:
I just read about Let's Encrypt[0] on LWN. It looks interesting;
in
general, I like the idea of more easily provisioned trust. What do the
security experts here think about it? Is this something Fedora should be
involved with, or discouraging?
[0]
https://letsencrypt.org
--
security mailing list
security(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/security
--
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993