A couple of days back, Electronic Frontier Foundation announced, that starting 2015, they plan to launch a new Certificate Authority initiative to change the entire web from your usual HTTP to HTTPS.
The Foundation has partnered with several high-profile players, to turn its upcoming CA initiative into reality. These partners include Mozilla, Cisco, Akamai, IdenTrust, and the University of Michigan.
EFF, via a blog post, said,
Although the HTTP protocol has been hugely successful, it is inherently insecure. Whenever you use an HTTP website, you are always vulnerable to problems, including account hijacking and identity theft; surveillance and tracking by governments, companies, and both in concert
Though EFF itself admits, that the HTTPS is not exactly flawless, but it still is a vast improvement on all of these fronts. EFF believes, that we need to move into a future, where all websites start with a HTTPS, by default.
This new initiative, named Let’s Encrypt will employ a number of new technologies to manage secure automated verification of domains and issuance of certificates. EFF will use a protocol which is still under development and named ACME between web servers and the CA, which includes support for new and stronger forms of domain validation.
The Let’s Encrypt CA will be operated by a new non-profit organization called the Internet Security Research Group (ISRG). EFF helped to put together this initiative with Mozilla and the University of Michigan, and it was later joined for launch by partners including Cisco, Akamai, and Identrust.
The core team working on the Let’s Encrypt CA and agent software includes James Kasten, Seth Schoen, and Peter Eckersley at EFF; Josh Aas, Richard Barnes, Kevin Dick and Eric Rescorla at Mozilla; Alex Halderman and James Kasten and the University of Michigan.