
Open CA Let’s Encrypt Comes Out of Beta

One month after announcing that it had issued over one million certificates since opening to the public in December last year, free and open Certificate Authority (CA) Let’s Encrypt has come out of beta.

The Let’s Encrypt initiative was proposed by the Electronic Frontier Foundation (EFF) as an alternative to established CAs, in an attempt to encourage as many site owners as possible to secure their domains by providing them with free certificates. The CA issued its first digital certificate in mid-September 2015, entered private beta the next month, and was launched in public beta in December.

On Tuesday, Let’s Encrypt announced that it is leaving beta and that it has secured more sponsors, which should help it continue operations unhindered. The CA’s founding sponsors Cisco and Akamai renewed their sponsorships for 3 more years, while Gemalto, HP Enterprise, Fastly, Duda and ReliableSite.net are new sponsors of the initiative.

Previously, companies such as Mozilla, Cisco, Akamai, Automattic and IdenTrust, among others, also announced their support for the open CA, as did the Linux Foundation. The goal behind Let’s Encrypt is to encrypt all website traffic using Transport Layer Security (TLS), thus protecting user data from eavesdroppers.

The initiative issued its 1 millionth certificate three months after entering public beta and has already reached 1.7 million certificates for roughly 3.8 million websites. Over the past several months, the CA has gained enough operational experience and confidence in its systems to move out of beta, Josh Aas, ISRG Executive Director, explains in a blog post.

Although its certificates have already been abused by cybercriminals for nefarious purposes, the initiative’s goal to “encrypt 100% of the Web” by offering free certificates has inspired others too, with Amazon already offering free certs as well. However, Let’s Encrypt might turn out to be more of a placebo effect than an actual security solution, F5 Networks' David Holmes explains in a SecurityWeek column.

Earlier this week, WordPress announced that HTTPS is available for all blogs and domains hosted on WordPress.com, and that Let’s Encrypt made this security enhancement possible. For the past two years, the popular content management system has been supporting encryption for sites using WordPress.com subdomains.

Let’s Encrypt is not the only organization committed to bringing HTTPS to more areas of the web, to make the Internet a more secure place. Google too is promoting secure connections by favoring HTTPS pages over their unencrypted counterparts, and recently announced it is monitoring the use of HTTPS on the world’s top 100 sites.

Commenting on Let’s Encrypt’s new milestone, Todd Moore, Vice President of Encryption Product Management at Gemalto, said: “We’re very proud to be a Gold Sponsor for Let’s Encrypt which leverages our industry-leading hardware security modules to protect their certificate authority system. Encryption by default is critical to privacy and security, and by working with Let’s Encrypt Gemalto is helping to deliver trust for the digital services that billions of people use every day.”

 
