The Let’s Encrypt security standard will begin issuing free certificates under general availability from the middle of September as part of a major cross-industry effort to help create a more secure web.
Let’s Encrypt officially launched in October 2014 with backing from numerous technology firms and organistaions, including Cisco, Akamai, Mozilla and the Electronic Frontier Foundation (EFF).
The purpose of the standard is to create a system to issue free certificates for the Secure Sockets Layer/Transfer Layer Security (SSL/TLS) protocols used by websites and other services to encrypt data in an easy to deploy manner.
Let’s Encrypt has now given more insight into these plans, revealing on a blog post that the first certificate would be issued from the week of 27 July, while general availability will begin the week commencing 14 September.
Josh Aas, executive director of the Internet Security Research Group (ISRG) which oversees Let's Encrypt, explained that the issue of the certificates would be tightly controlled to ensure the initial launch is secure and goes smoothly.
“We will issue the first end entity certificates under our root under tightly controlled circumstances. No cross-signature will be in place yet, so the certificates will not validate unless our root is installed in client software,” he noted.
“As we approach general availability we will issue more and more certificates, but only for a pre-approved set of domains. This limited issuance period will give us time to further ensure that our systems are secure, compliant, and scalable.”
The move towards general availability received a warm welcome across the web, with numerous posts on Twitter noting the importance of the Let's Encrypt effort.
I seriously cannot overstate how important Let's Encrypt is to the future of the internet.— Noah Kantrowitz (@kantrn) June 17, 2015
Woooop, Let's Encrypt has announced a launch schedule! Encrypt all the things!! https://t.co/VYVBF7xi8K— Alison Macrina (@flexlibris) June 16, 2015
Let’s Encrypt launch date is 14th September! Just 3 months until free widely available SSL. Huzzah! https://t.co/ZHcnAlmKPf— Tom Moitié (@tmoitie) June 17, 2015
The speed of the rollout was touted by Aas as a major achievement, noting it had taken just 11 months to arrive at a date for general availability.
“If we stay true to the schedule outlined above we will have built an innovative CA [certificate authority], capable of operating at internet scale and without cutting corners, in just 11 months," he said.
"That’s quite a feat, given all that’s involved, and a testament to the skill and dedication of our staff, partners, sponsors and contributors.”
Darktrace pushes machine learning to take some of the pressure off of IT and security teams
Google also gets its hands on HTC's IP in a non-exclusive deal
Microsoft, Google and Samsung all targeted as Avast admits to the scale of the CCleaner compromise
Not all loose ends tied yet, admits Bain backer SK Hynix