It’s the first day of 2015, and so I thought we’d kick it off with some good news. The Electronic Frontier Foundation (EFF) plans to launch a new, apparently open source Certificate Authority that will issue free SSL certificates. Called Let’s Encrypt, this is a joint project by the EFF, Mozilla, the University of Michigan, and other partners, and plans to launch this summer.
Why this is a big deal
Most web traffic is unencrypted, and this poses security risks large and small. Since much, if not most, of the web is made up of small websites with small or nonexistent budgets, created by people with little or no technical knowledge, an SSL certificate is often dismissed as unnecessary or not on the radar altogether. Let’s Encrypt aims to bring SSL to those types of webmasters. The EFF states that:
In our tests, it typically takes a web developer 1-3 hours to enable encryption for the first time. The Let’s Encrypt project is aiming to fix that by reducing setup time to 20-30 seconds.
And let’s just reiterate that these certificates will be free. Currently, certificates can range in cost from ten to hundreds of dollars per year, depending on features, warranty, and other considerations. It remains to be seen what features or warranty a Let’s Encrypt SSL certificate will include (if any).
What it looks like
Here is a demo video of installing a certificate using Let’s Encrypt:
If you’re not comfortable with the command line, then you may still need a web developer to install it for you, but at least you’re no longer looking at a 1-3 hour bill for getting the work done. Hopefully, if Let’s Encrypt takes off, turn-key apps and plugins will be developed that will allow non-developers to install certificates as well.
What this means for you
If you already have a basic SSL certificate for your website, you will want to keep an eye on this project; who doesn’t like saving a little money? If you use a more sophisticated certificate, then you will want to make sure that you won’t be giving up necessary features by switching to a Let’s Encrypt certificate. It seems reasonable to anticipate a decrease in cost for certificates across the board, given the new competition, but that of course remains to be seen.
Happy New Year!