After ramping up efforts to fund auditing and full-time development for crucial Internet protocols, the Linux Foundation now throws its weight behind an effort to make encryption on the Web inexpensive and easy to deploy.
The Let's Encrypt project, originally created by the ISRG (Internet Security Research Group), aims to provide free, validated TLS certificates to anyone who owns a domain, and by providing tools to make deploying and updated certificates as simple as a single command-line operation.
Deploying TLS encryption certificates can be both complex and costly, but the complexity may be the bigger stumbling block. Even Microsoft and Google have had trouble keeping their certificates up to date. Azure suffered an outage, and Gmail hiccuped because of expired certificates that weren't renewed.
With Let's Encrypt, said Linux Foundation executive director Jim Zemlin, the idea is to make installing and upgrading certificates "as simple as apt-get," referring to the semi-automatic command-line software updater featured in Linux.
Zemlin also stressed that this "is not a Linux-specific project. We've moved beyond that to support lots of different platforms; this is a platform-neutral effort."
Josh Aas, executive director, ISRG, who oversees the Let's Encrypt project, stated in an email that the project is "working on making our software compatible with Linux and Windows initially, with more platforms to follow." The strategy for support on Windows is "still forming," but he noted that "we'll probably start off with a port of our client to Windows PowerShell. In that case the user experience on Windows will be very similar to the user experience on Linux."
Let's Encrypt first appeared in November 2014, backed initially by Mozilla, and promised then to make the process of obtaining and installing certificates both free and easy. The ISRG also has plans to submit its APIs to the Internet Engineering Task Force for consideration as a standard, meaning that in the long run, any number of other free certification authorities that follow this model could spring up.
Existing projects like SSLMate already allow you to renew certificates from the command line, but that service comes at a cost of up to $150 per year for a domain, and Let's Encrypt aims to be free.
According to the ISRG, the Linux Foundation's involvement in the project will consist of "general and administrative support services, as well as services related to fundraising, financial management, contract and vendor management, and human resources." The technical details of Let's Encrypt will remain the ISRG's job, while the Linux Foundation will provide logistics and fund-raising support.
"There are several things that make this a good time for this effort," Zemlin said. "There's an increased sense of the importance of security on the Internet at large. The technology now is also more accessible for these types of systems to be built; bandwidth and CPU are cheaper."
The list of top-level partners on board Let's Encrypt so far includes Mozilla, Cisco, Akamai, and the EFF, but Zemlin wants to get Google, Apple, and Microsoft involved as well. Certificates aren't yet available through Let's Encrypt, but the project is said to be on course to formally open its doors in the second quarter of 2015.