Lets Encrypt: Some time ago most sites were not secured with Security Layer Security encryption (TLS). Because the internet started with HTTP instead of HTTPS. So today, 81% of websites worldwide use the HTTPS protocol. This percentage has reached 91% in the US.
We owe a huge thank you to the Internet Security Research Group ('s) for this huge increase in secure web browsing (ISRG) with their project Lets Encrypt.
Let's Encrypt just issued the billionth security certificate.
"Encryption should be the default on the Internet," said Josh Aas, CEO of ISRG and senior Mozilla technologist when the Lets Encrypt project.
"The Internet is a complex space nowadays, and it is very difficult for consumers to control their data. The only reliable strategy to ensure that the personal data and information of each of us is protected during our web browsing is encryption. ”
It should be noted here that Let's Encrypt did not only provide free certificates TLS all over the world, but also made use of them very easy. The automatic process was made possible with ACME protocol (Automatic Certificate Management Environment).
The ACME today an IETF standard, RFC 8555 and automates the creation of public key infrastructure certificates (PKI), enabling the rapid creation of millions of security certificates.
Thanks to ACME, Let Encrypt currently serves nearly 200 million websites with two new employees and a 28% increase in its budget from June 2017.
To use ACME and to get a certificate from Let's Encrypt, you need one ACME client. One of the best ACME clients it's the Certbot of the EFF (Electronic Frontier Foundation).
EFF has developed Certbot to make it as easy as possible to secure a website with Lets Encrypt or any other CA that supports ACME.
However, as easy as it is for each of us to issue a security certificate for a page of ours, it is just as easy for malicious users to try to place "tampered" pages as safe.
By automating certificates TLS, Let's Encrypt is said to facilitate them substantially malicious users who want to launch "secure" websites. to obtain safe locations. For example, hackers have been able to forge certificates to help hide malicious websites like pages from major companies such as Apple, Google and PayPal because each site can obtain a certificate. TLS.
In short: just because you can log in to a site securely does not mean that the site itself is secure.
So Let's Encrypt is currently working to further improve the quality of its security.
For example, it has recently enhanced domain validation methods. It is a process used by all certification authorities TLS to ensure that the person requesting a certificate is actually the owner of the domain for which he or she wishes it.
But despite the problem mentioned above, Let's Encrypt (a non-profit company) seems to have done a very good job on the world wide web.
Polys: The first blockchain voting machine
Comment Policy:
IGuRu.gr does not post comments directly. Malicious comments, comments that include ads, or comments with insults are deleted without any notice. We do not adopt the views expressed by our readers.
Your comments will be displayed after approval by the administrators