Well it sounds like they're doing a certificate authority that will hand out DV (Domain Validated) certificates for free with simplified verification/ease of use. The trick will be getting it into browser root stores, but if Mozilla does it then I suspect others may follow without to much delay. ============= The key principles behind Let’s Encrypt are: Free: Anyone who owns a domain can get a certificate validated for that domain at zero cost. Automatic: The entire enrollment process for certificates occurs painlessly during the server’s native installation or configuration process, while renewal occurs automatically in the background. Secure: Let’s Encrypt will serve as a platform for implementing modern security techniques and best practices. Transparent: All records of certificate issuance and revocation will be available to anyone who wishes to inspect them. Open: The automated issuance and renewal protocol will be an open standard and as much of the software as possible will be open source. Cooperative: Much like the underlying Internet protocols themselves, Let’s Encrypt is a joint effort to benefit the entire community, beyond the control of any one organization. ============= On 18/11/14 10:19 PM, Pete Travis wrote: > I just read about Let's Encrypt[0] on LWN. It looks interesting; in > general, I like the idea of more easily provisioned trust. What do the > security experts here think about it? Is this something Fedora should be > involved with, or discouraging? > > > [0] https://letsencrypt.org > > > > -- > security mailing list > security@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/security > -- Kurt Seifried -- Red Hat -- Product Security -- Cloud PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Attachment:
signature.asc
Description: OpenPGP digital signature
-- security mailing list security@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/security
