Why FFS "Let Encrypt" initiative is more important than it seems

5:12:00 PM
Why FFS "Let Encrypt" initiative is more important than it seems -

end of 2014, the Electronic Frontier Foundation announced a small software utility called "Let Encrypt" to site administrators. It reduces the time and skills needed to encrypt a Web site from three hours and much googling to twenty seconds and a command. This initiative is more important than being just another random utility.

In the last days of 2014, it became known that the NSA and their ilk can and can not wiretap. To cut a long story short, the technologies that are impossible to wiretap are also technologies that are virtually impossible to use. TOR, OTP, ZRTP. The most user-friendly technologies are emerging Tails and subsequently / RedPhone / TextSecure of Signal, and even they are nerdcore-only software at present.

In 2010, the Tor Project and the Electronic Frontier Foundation developed something called "HTTPS Everywhere". It was a simple browser plugin automatically chooses an encrypted version of websites, if applicable. If you have installed this plugin in your browser, your communications were all a lot more fail. (It remains a question why, four years later, this behavior did not default in browsers.)

However, allowing people to use encrypted communications only not enough. It must also be encrypted communication to begin. Most people who operate small websites are not offers encrypted versions, for several reasons: it costs money to buy an encryption certificate, it takes more than an hour to set up encryption even for the man how to do it (and it involves rather arcane commands in the production of certificates you need to google for each time), and it is a real problem to maintain and renew.

EFF has launched an initiative called "Let Encrypt" which is a simple server-side utility that reduces all that hassle for ten to twenty seconds of work, just once. Instead of an hour more of the procedures, it would just

webserver admin @: ~ $-encrypt allows www.myweb.com

... and the utility would not only generate and install a certificate, no hassle with credit cards and callbacks, but also to automatically renew if necessary. On the back, the Encrypt Let The utility also contains a complete certification authority.

This is quite true. It is this utility that is necessary - it is this .. attitude what is needed for much more than secure web browsing

Security is difficult

good security should not be difficult.

Essentially, the strong safety has been a holder for the technically competent, as noted above in respect of which cryptographic solutions are continuous reality (those that are difficult to use ). We need many more initiatives to make a strong crypto to the masses, and we need to realize that even system administrators find a good crypto too cumbersome.

This must change.

The crypto use strong pain points must disappear. Each of them, and for everyone involved. Congratulations to the EFF to get this ball rolling.

Privacy remains your own responsibility.

Previous
Next Post »
0 Komentar