So I’m a fan of encryption. Basically, I think that everything that gets transmitted across the Internet should be encrypted. You know how the NSA is spying on everyone in the hope of catching terrorist boogeymen? They’re looking for a needle in a haystack. I want to add more hay.
Let’s Encrypt, like the name suggests, is a project to enable HTTPS encryption on web sites everywhere. HTTPS has been around since forever, but until now has suffered from a limitation: the only way for a web site to get an HTTPS certificate for free was to generate one themselves – a self-signed certificate. That’s fine for encryption, but it doesn’t allow for identity verification, the other goal of HTTPS. Anybody using a self-signed certificate could claim to be, e.g., your bank. Thus browsers do not by default accept self-signed certificates.
This is where the Certificate Authority system comes in. CAs will sign others’ certificates, verifying the identity of that other server. If your browser trusts a particular CA, then your browser will accept any certificate signed by that CA. I’m greatly simplifying this, obviously. The problem is that existing CAs charge for their services, which makes it unreasonable for tiny little no-budget site owners like me to get HTTPS certificates. I’m not making any money off of this blog – I don’t even have ads – so I can’t justify any additional expenses.
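The difference between the two kinds of certificate can be seen with the `openssl` command-line tool. This is an added example, not part of the original post: the name `example.test`, the "Demo Root CA" and every key and file below are constructed throwaways, and the demo CA stands in for a CA your browser already trusts.

```shell
#!/bin/sh
# Added example. All keys, names and files here are constructed throwaways.
demo_dir=$(mktemp -d)

# A certificate signed with its own key: nobody vouches for the name in it.
make_self_signed() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.test" \
    -keyout "$demo_dir/self.key" -out "$demo_dir/self.crt" 2>/dev/null
}

# A demo root CA, then a certificate for the same name signed by that CA.
make_ca_signed() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root CA" \
    -keyout "$demo_dir/ca.key" -out "$demo_dir/ca.crt" 2>/dev/null &&
  openssl req -newkey rsa:2048 -nodes -subj "/CN=example.test" \
    -keyout "$demo_dir/site.key" -out "$demo_dir/site.csr" 2>/dev/null &&
  openssl x509 -req -in "$demo_dir/site.csr" -days 1 \
    -CA "$demo_dir/ca.crt" -CAkey "$demo_dir/ca.key" -CAcreateserial \
    -out "$demo_dir/site.crt" 2>/dev/null
}

# Exit status 0 if openssl can build a chain from certificate $2 to a
# trusted root, with file $1 supplied as the trust anchor.
trusted_by() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

verdict() {
  if trusted_by "$1" "$2"; then echo accepted; else echo rejected; fi
}

make_self_signed && make_ca_signed

# Both certificates claim the same name; only the signer differs.
echo "Client that trusts the demo CA:"
echo "  CA-signed example.test:   $(verdict "$demo_dir/ca.crt" "$demo_dir/site.crt")"
echo "  self-signed example.test: $(verdict "$demo_dir/ca.crt" "$demo_dir/self.crt")"

# A self-signed certificate only verifies if it is itself installed as trusted.
echo "Client that was handed the self-signed certificate as an anchor:"
echo "  self-signed example.test: $(verdict "$demo_dir/self.crt" "$demo_dir/self.crt")"
```

Both certificates carry the same name and can encrypt traffic equally well; the only thing the client can check is who signed them.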
Let’s Encrypt is a new CA. It’s free and automated. And I’m about to get a certificate.
Edit: I’ve gotten the certificate installed. I’ve tested it on three browsers so far (Firefox, Chromium, and some program that just calls itself Browser) all on my main computer. No problems so far! Now to test on other computers.
Edit 2: Let’s Encrypt has published a blog post which I think is relevant: The CA’s Role in Fighting Phishing and Malware